Sub-Processors
Last Updated: March 2026
38Hub uses a limited number of third-party service providers ("sub-processors") to help deliver, maintain, and improve our platform. Each sub-processor is carefully selected and contractually obligated to protect your data in accordance with applicable data protection laws, including GDPR.
Below is the current list of sub-processors, their purpose, the location of their data processing, and the categories of data they process on our behalf.
Current Sub-Processors
| Sub-Processor | Purpose | Location | Data Processed |
|---|---|---|---|
Supabase | Database, Authentication, File Storage | Singapore / United States | Account data, content, files, authentication tokens |
Stripe | Payment Processing | United States | Billing data, transaction records, payment method details |
Anthropic (Claude) | AI Content Generation | United States | Content sent for AI processing (scoring, writing, extraction) |
OpenAI (GPT-4o) | AI Content Generation | United States | Content sent for AI processing (scoring, writing, extraction) |
Google (Gemini) | AI Features, OAuth, YouTube API | United States | Content for AI processing, authentication tokens, YouTube data |
Vercel | Application Hosting, CDN | Global (Edge Network) | Application requests, server logs, deployment artifacts |
Database, Authentication, File Storage
Singapore / United States
Account data, content, files, authentication tokens
Payment Processing
United States
Billing data, transaction records, payment method details
AI Content Generation
United States
Content sent for AI processing (scoring, writing, extraction)
AI Content Generation
United States
Content sent for AI processing (scoring, writing, extraction)
AI Features, OAuth, YouTube API
United States
Content for AI processing, authentication tokens, YouTube data
Application Hosting, CDN
Global (Edge Network)
Application requests, server logs, deployment artifacts
Changes to Sub-Processors
Notification Process
We will notify you of any changes to our sub-processors at least 30 days before the change takes effect. This notification will be sent via email to the address associated with your 38Hub account and will also be posted on this page.
If you have a Data Processing Agreement (DPA) with us, you may object to the addition of a new sub-processor within 14 days of receiving the notification. We will work with you in good faith to address any concerns. If we cannot resolve the objection, you may terminate your agreement in accordance with the DPA terms.
Data Protection Measures
All sub-processors listed above are bound by contractual obligations that require them to:
- Process personal data only as instructed by 38Hub and only for the purposes specified
- Implement appropriate technical and organizational security measures
- Notify 38Hub promptly in the event of a data breach
- Delete or return all personal data upon termination of the service agreement
- Support 38Hub in fulfilling data subject rights requests