Last updated July 15, 2026
Subprocessors
Endless Machine Corp. (“Endless”) engages the third-party providers below to help deliver the Service. Each acts as a subprocessor under a data-processing agreement (DPA) and may only process personal data on our documented instructions, with appropriate security and international-transfer safeguards.
This list is provided for transparency and forms part of our Privacy policy. It covers the providers that process personal data to run the Service; it does not include third-party services you choose to connect yourself, whose processing is governed by that service and by your own settings.
Authentication & identity
| Subprocessor | Purpose | Primary location | Category | Transfer mechanism |
|---|---|---|---|---|
| ClerkClerk, Inc.Privacy policy | Authentication, sessions, and workspace membership management | United States | Essential service functionality | EU-U.S. Data Privacy Framework + SCCs |
Payments & billing
| Subprocessor | Purpose | Primary location | Category | Transfer mechanism |
|---|---|---|---|---|
| StripeStripe, Inc.Privacy policy | Payment processing, subscriptions, and invoicing | United States | Essential service functionality | EU-U.S. Data Privacy Framework + SCCs |
Database & storage
| Subprocessor | Purpose | Primary location | Category | Transfer mechanism |
|---|---|---|---|---|
| PlanetScalePlanetScale, Inc.Privacy policy | Managed application database | United States | Essential service functionality | Standard Contractual Clauses (SCCs) |
| Cloudflare (R2, Workers)Cloudflare, Inc.Privacy policy | Object storage, edge compute, and content delivery | United States (global edge network) | Essential service infrastructure | EU-U.S. Data Privacy Framework + SCCs |
Hosting & infrastructure
| Subprocessor | Purpose | Primary location | Category | Transfer mechanism |
|---|---|---|---|---|
| VercelVercel Inc.Privacy policy | Application hosting, serverless functions, and CDN | United States (global edge network) | Essential service infrastructure | EU-U.S. Data Privacy Framework + SCCs |
AI model inference
| Subprocessor | Purpose | Primary location | Category | Transfer mechanism |
|---|---|---|---|---|
| falfal - Features & Labels Inc.Privacy policy | Image, video, and audio model inference | United States | Core product functionality | Standard Contractual Clauses (SCCs) |
| ReplicateReplicate, Inc.Privacy policy | Image, video, and audio model inference | United States | Core product functionality | Standard Contractual Clauses (SCCs) |
| Google Cloud (Vertex AI)Google LLCPrivacy policy | Large-language-model inference | United States | Core product functionality | EU-U.S. Data Privacy Framework + SCCs |
| ElevenLabsElevenLabs, Inc.Privacy policy | Text-to-speech and voice synthesis | United States | Core product functionality | EU-U.S. Data Privacy Framework + SCCs |
Content processing & research
| Subprocessor | Purpose | Primary location | Category | Transfer mechanism |
|---|---|---|---|---|
| SupadataDumpling Software UGPrivacy policy | Audio and video transcription | European Union (Germany) | Core product functionality | Processed within the EEA |
| ExaExa Labs, Inc.Privacy policy | AI web search for research | United States | Core product functionality | Standard Contractual Clauses (SCCs) |
| Subprocessor | Purpose | Primary location | Category | Transfer mechanism |
|---|---|---|---|---|
| ResendPlus Five Five, Inc.Privacy policy | Transactional email delivery | United States | Essential service functionality | EU-U.S. Data Privacy Framework + SCCs |
Customer support
| Subprocessor | Purpose | Primary location | Category | Transfer mechanism |
|---|---|---|---|---|
| IntercomIntercom, Inc.Privacy policy | In-product support messaging | United States | Customer support | EU-U.S. Data Privacy Framework + SCCs |
Analytics & monitoring
| Subprocessor | Purpose | Primary location | Category | Transfer mechanism |
|---|---|---|---|---|
| PostHogPostHog, Inc.Privacy policy | Product analytics, session replay, and feature flags | United States (EU Cloud available) | Analytics (requires consent) | EU-U.S. Data Privacy Framework + SCCs |
| Google Analytics & Tag ManagerGoogle LLCPrivacy policy | Website traffic and marketing measurement | United States | Analytics (requires consent) | EU-U.S. Data Privacy Framework + SCCs |
| IPinfoapilayer Data Products GmbHPrivacy policy | IP-based geolocation for security and fraud prevention | European Union (Austria) | Security and fraud prevention | Processed within the EEA |
International data transfers
Where a provider processes personal data outside the EEA, UK, or Switzerland, we rely on appropriate safeguards - the EU-U.S. Data Privacy Framework where the provider is certified, and/or the European Commission’s Standard Contractual Clauses (with the UK Addendum where relevant), together with additional technical and organizational measures. Providers marked as processing within the EEA do not require an outbound transfer mechanism.
Changes to this list
We update this list when we add or remove a subprocessor. Where required, we will give notice of material changes so you have the opportunity to object before a new subprocessor begins processing personal data.
Questions
For questions about our subprocessors or to request a copy of a DPA, contact privacy@endless.app.