This page needs JavaScript. If you are on a restricted network, some scripts may be blocked. Try another network or open the app at https://pdfextractorai.vercel.app.A required script was blocked by your network. Try another network or open the app at https://pdfextractorai.vercel.app.
Open fallback domainContact support

Data Processors & Service Providers

Complete list of third-party services that process your data

Data Processing Transparency
In accordance with GDPR Article 28, we maintain this comprehensive list of all data processors and service providers that handle personal data on our behalf. Each processor has appropriate data protection agreements and safeguards in place.
All processors have signed DPAs
GDPR compliance verified
EU region options available

This list is reviewed whenever we add or replace a provider so the safeguards stay aligned with our operational setup. We keep it updated for transparency.

For questions about subprocessors or upcoming changes, contact privacy@pdfextractorai.com.

πŸ—οΈ
Vercel Inc.
Web hosting, serverless functions, and content delivery
infrastructure
GDPR Compliant
EU Region Available

Data Location

Global CDN; serverless compute configured for EU (fra1)

Data Retention

Logs retained for 30 days, then deleted

Data Types Processed

IP addresses
Request logs
Performance metrics
Error logs

Data Protection Safeguards

  • βœ“Vercel Data Processing Addendum
  • βœ“Standard Contractual Clauses (SCCs)
  • βœ“SOC 2 Type II compliance
  • βœ“ISO 27001 certification
  • βœ“Data encryption in transit and at rest
πŸ—„οΈ
Supabase Inc.
Database hosting, user authentication, and real-time features
database
GDPR Compliant
EU Region Available

Data Location

EU (eu-central-2)

Data Retention

User-controlled, automatic cleanup available

Data Types Processed

User profiles
Usage data
Authentication tokens
Application data

Data Protection Safeguards

  • βœ“Supabase Data Processing Agreement
  • βœ“Standard Contractual Clauses (SCCs)
  • βœ“SOC 2 Type II compliance
  • βœ“Data encryption in transit and at rest
  • βœ“Regular security audits
πŸ“§
Resend
Transactional email delivery
email
GDPR Compliant
EU Region Available

Data Location

EU region (Ireland, eu-west-1)

Data Retention

Logs retained per provider policy (short-lived)

Data Types Processed

Email address
Message metadata
Delivery logs

Data Protection Safeguards

  • βœ“Resend Data Processing Agreement
  • βœ“Standard Contractual Clauses (SCCs)
  • βœ“Encrypted transport (TLS)
  • βœ“GDPR-aligned processing
πŸ€–
OpenAI L.P.
AI-powered PDF document processing and data extraction
ai
GDPR Compliant

Data Location

United States (if enabled)

Data Retention

30 days maximum for API data, then deleted

Data Types Processed

PDF content
Extracted data
Processing metadata

Data Protection Safeguards

  • βœ“OpenAI Enterprise Privacy Agreement
  • βœ“Standard Contractual Clauses (SCCs)
  • βœ“SOC 2 Type II compliance
  • βœ“Zero data retention for API calls (Enterprise)
  • βœ“Data encryption in transit and at rest
πŸ€–
Google LLC (Gemini API)
AI-powered PDF document processing and data extraction
ai
GDPR Compliant
EU Region Available

Data Location

EU users: Vertex AI (europe-west1). Non‑EU users: AI Studio global endpoint

Data Retention

Configurable, immediate deletion available

Data Types Processed

PDF content
Extracted data
Processing metadata

Data Protection Safeguards

  • βœ“Google Cloud Data Processing Addendum
  • βœ“Standard Contractual Clauses (SCCs)
  • βœ“ISO 27001, SOC 2 Type II compliance
  • βœ“Data residency controls
  • βœ“Configurable retention policies
πŸ’³
Stripe Inc.
Payment processing (future use)
payments
GDPR Compliant
EU Region Available

Data Location

Global (EU/US processing depending on account setup)

Data Retention

As required for financial compliance

Data Types Processed

Payment data
Billing details
Subscription metadata

Data Protection Safeguards

  • βœ“Stripe Data Processing Agreement
  • βœ“Standard Contractual Clauses (SCCs)
  • βœ“PCI DSS compliance
Your Rights Regarding Data Processors

What We Ensure

  • β€’ All processors have signed comprehensive Data Processing Agreements (DPAs)
  • β€’ Regular compliance audits and security assessments
  • β€’ Appropriate technical and organizational measures
  • β€’ Immediate notification of any data breaches
  • β€’ Data deletion capabilities when required

Your Rights

  • β€’ Right to know which processors handle your data
  • β€’ Right to object to specific processing activities
  • β€’ Right to request data deletion from all processors
  • β€’ Right to receive copies of relevant DPAs upon request
  • β€’ Right to file complaints with supervisory authorities

International Data Transfers

When your data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission. For EU users, we prioritize processors that offer EU region hosting where technically feasible.

Contact for Processor-Related Inquiries

For questions about our data processors, to request DPA copies, or to exercise your rights regarding processor activities, contact us at privacy@pdfextractorai.com.