— GDPR compliance
Sub-processors
Last updated: June 2026
Biddexis Technology S.R.L. (CUI RO54716018) uses the third-party sub-processors listed below to operate the Biddexis service. We enter into Data Processing Agreements (DPAs) with each processor. International transfers to the US are governed by Standard Contractual Clauses and/or the EU–US Data Privacy Framework where applicable.
| Processor | Purpose | Data location | Transfer basis | DPA |
|---|---|---|---|---|
| Supabase | Primary database, user authentication, file storage | EU — Frankfurt (AWS eu-central-1) | EU only | View → |
| Vercel | Application hosting and edge delivery | EU regions (primary) | EU only | View → |
| Anthropic | AI processing — Claude Haiku & Sonnet for requirement extraction and response generation | US | EU–US Standard Contractual Clauses and EU–US Data Privacy Framework | View → |
| OpenAI | Text embeddings for semantic search (Knowledge Bank, Past Proposals) | US | EU–US Standard Contractual Clauses and EU–US Data Privacy Framework | View → |
| Stripe | Payment processing and subscription management — we do not store card data | EU / US (Stripe Infrastructure) | EU–US Standard Contractual Clauses | View → |
| Resend | Transactional email and digest email delivery | US | EU–US Standard Contractual Clauses | View → |
| Cloudflare | DNS, CDN, and email routing | Global edge network | EU–US Standard Contractual Clauses and EU–US Data Privacy Framework | View → |
Supabase
Primary database, user authentication, file storage
Location: EU — Frankfurt (AWS eu-central-1)
View DPA →Anthropic
AI processing — Claude Haiku & Sonnet for requirement extraction and response generation
Location: US
Transfer basis: EU–US Standard Contractual Clauses and EU–US Data Privacy Framework
View DPA →OpenAI
Text embeddings for semantic search (Knowledge Bank, Past Proposals)
Location: US
Transfer basis: EU–US Standard Contractual Clauses and EU–US Data Privacy Framework
View DPA →Stripe
Payment processing and subscription management — we do not store card data
Location: EU / US (Stripe Infrastructure)
Transfer basis: EU–US Standard Contractual Clauses
View DPA →Resend
Transactional email and digest email delivery
Location: US
Transfer basis: EU–US Standard Contractual Clauses
View DPA →Cloudflare
DNS, CDN, and email routing
Location: Global edge network
Transfer basis: EU–US Standard Contractual Clauses and EU–US Data Privacy Framework
View DPA →Updates. We will update this page when sub-processors are added, removed, or changed. Material changes to sub-processors that affect your data will be communicated via email and in-application notice.
Questions. For questions about our sub-processors or to exercise your GDPR rights, contact privacy@biddexis.com.
See also: Privacy Policy · AI Transparency