Sub-processors
Last updated 2026-06-17
To run getAdvantage we rely on a small number of third-party providers that process personal data on our behalf and under our instructions. Under Article 28 of the EU General Data Protection Regulation (GDPR) these are our sub-processors. Each is bound by a data-processing agreement, may only process data for the purpose listed below, and may not use it for its own ends.
The list below is complete and current. We keep it deliberately small and honest: there are no advertising trackers, analytics cookies, or data brokers in this list, because getAdvantage uses none. Our own analytics are first-party, server-side funnel events with no cookie and no device storage.
Current sub-processors
| Name | Service / purpose | Location / region | Transfer safeguard |
|---|---|---|---|
| Vercel Inc. | Application hosting & content delivery | USA (EU region pinned: fra1) | EU Standard Contractual Clauses / EU-US Data Privacy Framework where certified |
| Neon Inc. | Managed PostgreSQL database (accounts, scans, billing mirror) | EU (Frankfurt) | EU — no third-country transfer |
| Stripe Payments Europe, Ltd. (with Stripe, Inc., USA) | Subscription billing & payment processing | EU / USA | EU Standard Contractual Clauses / EU-US Data Privacy Framework |
| OpenAI, L.L.C. | AI perception & copy generation on scanned content (API; not used to train models) | USA | EU Standard Contractual Clauses |
| Resend (Plus Five Five, Inc.) | Transactional email delivery | USA | EU Standard Contractual Clauses |
| ImprovMX SAS | Inbound email forwarding for getadvantage.app | EU / USA | EU Standard Contractual Clauses |
| Advantage Studio (Mission Control) | Internal operations console operated by the getAdvantage operator — receives a captured lead email + domain for founder operations | EU / USA | Intra-operator; EU Standard Contractual Clauses where applicable |
Where a provider is based in or routes data through the United States, the transfer outside the EU/EEA is protected by the safeguard named in the final column — the EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) and/or the EU-US Data Privacy Framework where the provider is certified. Database storage (Neon) is pinned to the EU (Frankfurt), and application hosting on Vercel is pinned to the EU region (fra1).
Notice of new sub-processors
Before we add or replace a sub-processor that processes customer personal data, we will give reasonable advance noticeby updating this page and the “last updated” date above. If you have a data-processing agreement with us, you may object on reasonable data-protection grounds within the notice period; we will work with you in good faith to address the concern, and if it cannot be resolved you may terminate the affected service. To be notified of changes in advance, ask us to add you to the sub-processor notification list.
Related documents
This page forms part of, and should be read together with, our Data Processing Agreement (Art. 28 GDPR terms and security measures) and our Privacy Policy (what we process, why, and your rights). For our legal entity and contact details, see the Impressum.