This page needs JavaScript. If you are on a restricted network, some scripts may be blocked. Try another network or open the app at https://pdfextractorai.vercel.app.A required script was blocked by your network. Try another network or open the app at https://pdfextractorai.vercel.app.
Open fallback domainContact support
← Back

Data Processors & Service Providers

Complete list of third-party services that process your data

Data Processing Transparency

In accordance with GDPR Article 28, we maintain this comprehensive list of all data processors and service providers that handle personal data on our behalf. Each processor has appropriate data protection agreements and safeguards in place.

All processors have signed DPAs
GDPR compliance verified
EU region options available

This list is reviewed whenever we add or replace a provider so the safeguards stay aligned with our operational setup.

For questions about subprocessors or upcoming changes, contact privacy@pdfextractorai.com.

Vercel Inc.

Web hosting, serverless functions, and content delivery

infrastructureGDPR CompliantEU Region

Data Location

Global CDN; serverless compute configured for EU (fra1)

Data Retention

Logs retained for 30 days, then deleted

Data Types Processed

IP addressesRequest logsPerformance metricsError logs

Data Protection Safeguards

  • Vercel Data Processing Addendum
  • Standard Contractual Clauses (SCCs)
  • SOC 2 Type II compliance
  • ISO 27001 certification
  • Data encryption in transit and at rest

Supabase Inc.

Database hosting, user authentication, and real-time features

databaseGDPR CompliantEU Region

Data Location

EU (eu-central-2)

Data Retention

User-controlled, automatic cleanup available

Data Types Processed

User profilesUsage dataAuthentication tokensApplication data

Data Protection Safeguards

  • Supabase Data Processing Agreement
  • Standard Contractual Clauses (SCCs)
  • SOC 2 Type II compliance
  • Data encryption in transit and at rest
  • Regular security audits

Resend

Transactional email delivery

emailGDPR CompliantEU Region

Data Location

EU region (Ireland, eu-west-1)

Data Retention

Logs retained per provider policy (short-lived)

Data Types Processed

Email addressMessage metadataDelivery logs

Data Protection Safeguards

  • Resend Data Processing Agreement
  • Standard Contractual Clauses (SCCs)
  • Encrypted transport (TLS)
  • GDPR-aligned processing

OpenAI L.P.

AI-powered PDF document processing and data extraction

aiGDPR Compliant

Data Location

United States (if enabled)

Data Retention

30 days maximum for API data, then deleted

Data Types Processed

PDF contentExtracted dataProcessing metadata

Data Protection Safeguards

  • OpenAI Enterprise Privacy Agreement
  • Standard Contractual Clauses (SCCs)
  • SOC 2 Type II compliance
  • Zero data retention for API calls (Enterprise)
  • Data encryption in transit and at rest

Google LLC (Gemini API)

AI-powered PDF document processing and data extraction

aiGDPR CompliantEU Region

Data Location

EU users: Vertex AI (europe-west1). Non-EU users: AI Studio global endpoint

Data Retention

Configurable, immediate deletion available

Data Types Processed

PDF contentExtracted dataProcessing metadata

Data Protection Safeguards

  • Google Cloud Data Processing Addendum
  • Standard Contractual Clauses (SCCs)
  • ISO 27001, SOC 2 Type II compliance
  • Data residency controls
  • Configurable retention policies

Stripe Inc.

Payment processing (future use)

paymentsGDPR CompliantEU Region

Data Location

Global (EU/US processing depending on account setup)

Data Retention

As required for financial compliance

Data Types Processed

Payment dataBilling detailsSubscription metadata

Data Protection Safeguards

  • Stripe Data Processing Agreement
  • Standard Contractual Clauses (SCCs)
  • PCI DSS compliance

Your Rights Regarding Data Processors

What We Ensure

  • • All processors have signed comprehensive Data Processing Agreements (DPAs)
  • • Regular compliance audits and security assessments
  • • Appropriate technical and organizational measures
  • • Immediate notification of any data breaches
  • • Data deletion capabilities when required

Your Rights

  • • Right to know which processors handle your data
  • • Right to object to specific processing activities
  • • Right to request data deletion from all processors
  • • Right to receive copies of relevant DPAs upon request
  • • Right to file complaints with supervisory authorities

International Data Transfers

When your data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission. For EU users, we prioritize processors that offer EU region hosting where technically feasible.

Contact for Processor-Related Inquiries

For questions about our data processors, to request DPA copies, or to exercise your rights regarding processor activities, contact us at privacy@pdfextractorai.com.