Subprocessor List

Transparency about third-party services that process your data. Required for GDPR compliance.

Last Updated: January 29, 2026

In accordance with GDPR requirements and our commitment to transparency, this page lists third-party service providers (subprocessors) that process personal data on behalf of BrandOps. All subprocessors are contractually obligated to protect your data and comply with applicable data protection laws.

1. What Are Subprocessors?

Subprocessors are third-party service providers that process personal data on behalf of BrandOps to enable our Service. We use subprocessors for essential functions such as:

  • Hosting and infrastructure services
  • Database storage and management
  • Social media platform integrations (OAuth and API access)
  • Content delivery and performance optimization

2. Data Protection Agreements

All subprocessors are contractually bound to:

  • Process personal data only as necessary to provide their services
  • Implement appropriate technical and organizational security measures
  • Comply with GDPR, CCPA, and other applicable data protection laws
  • Not use your data for any purpose other than providing services to BrandOps

3. Current Subprocessors

PostgreSQL / Supabase

United States / EU

Primary database hosting and data storage

User accountsContent dataPlatform connectionsAnalytics

Vercel

Global (CDN)

Application hosting and content delivery

Application hostingCDN logs

Meta (Facebook/Instagram/Threads)

United States

Social media platform integration via OAuth and Graph API

OAuth tokensAccount informationPost metrics

LinkedIn

United States

Social media platform integration via OAuth and LinkedIn API

OAuth tokensAccount informationPost metrics

X (Twitter)

United States

Social media platform integration via OAuth and X API

OAuth tokensAccount informationPost metrics

Note: This list may be updated as we add or remove subprocessors. We will notify you of material changes to this list by updating the "Last Updated" date on this page.

4. Data Location and Transfers

4.1 Data Storage Locations

Your data may be processed in the following regions:

  • United States: Primary hosting and database services
  • European Union: Database hosting options (if using EU region)
  • Global: Content delivery network (CDN) caching

We implement appropriate safeguards (including Standard Contractual Clauses where applicable) to ensure your data is protected when transferred outside your jurisdiction.

5. Changes to Subprocessors

5.1 Adding New Subprocessors

When we add a new subprocessor, we will:

  • Update this list within 30 days
  • Enter into a Data Processing Agreement (DPA) with the new subprocessor
  • Ensure the subprocessor meets our security and compliance standards

5.2 Objecting to New Subprocessors

If you have concerns about a new subprocessor, please contact us using the information below. While we cannot always accommodate objections (as some subprocessors are essential for service operation), we will work with you to address your concerns and explore alternatives when possible.

6. Questions About Subprocessors

Contact Us

If you have questions about our subprocessors or data processing practices, please contact us:

BrandOps Privacy Team

Email: privacy@brandops.com

Subject Line: "Subprocessor Inquiry"

Related Policies: This Subprocessor List should be read in conjunction with ourPrivacy PolicyandTerms of Service.