Subprocessors

Last updated: May 3, 2026

To deliver the Contexo Service we rely on a small set of third-party providers ("subprocessors"). Each acts on our instructions under written agreements that include the data-protection commitments required by applicable law (including GDPR Art. 28 where relevant).

1. Current subprocessors

ProviderPurposeData processedRegion
Supabase Inc.
supabase.com/privacy
Managed PostgreSQL, authentication, object storage, vector indexes.Account credentials, customer content (documents, embeddings), chat sessions and messages, billing and quota records.United States / Customer-selectable regions
Google LLC (Gemini API)
ai.google.dev/terms
Large-language-model inference and embeddings for the RAG pipeline.Visitor messages, retrieved context chunks, system prompts. Per Google's paid-API terms, this content is not used to train Google's foundation models.United States / Multi-region
Lemon Squeezy LLC
lemonsqueezy.com/privacy
Merchant of record: payments, subscription management, tax calculation, invoicing, refunds.Customer email and billing details, payment instrument metadata, transaction history. Card data stays with their PCI-compliant processors and never reaches Contexo.United States / EU
RenderApplication hosting, networking, TLS termination, log aggregation.All traffic to and from the Contexo dashboard, API, and widgets.[REGION]
BrevoTransactional email (account, billing, security notifications).Recipient email address and message content.[REGION]

The placeholders above must be replaced with the providers actually used in production before this page is published.

2. Where data is processed

Personal data may be transferred to and processed in countries other than the one in which you live, including the United States. Where personal data is exported from the EU, EEA, UK, or Switzerland we rely on the European Commission's Standard Contractual Clauses (and the UK IDTA where relevant) supplemented by appropriate technical and organizational measures.

3. Notice of new subprocessors

We will publish updates to this list before engaging a new subprocessor. Customers on plans that include a Data Processing Addendum will receive at least 14 days' advance notice by email; if they object on reasonable data-protection grounds, they may terminate the affected subscription with a pro-rata refund of unused fees as their sole remedy.

4. Customer's own subprocessors

Customers who connect additional integrations (for example, by configuring webhooks to their own systems or pointing the widget at a CDN-served document) are responsible for those onward transfers. Those targets are not Contexo subprocessors.

5. Contact

For DPA requests or questions about this list email legal@contexo.ai.