Sub-processors
Last updated: 2026-05-02
The short version. A sub-processor is any third party that processes personal data of OffCoder users on our behalf. We commit to giving registered users at least 30 days' notice by email — and on this page — before adding a new sub-processor that materially changes the categories of personal data shared, the destination jurisdiction, or the purpose of processing. To receive these notices, ensure your account email is current.
1. How to subscribe to change notices
All registered users automatically receive sub-processor change notices to the email on file. There is no separate opt-in. If you wish to receive notices without holding an active account, email privacy@offcoder.com with the subject "Subscribe to sub-processor notices" and we will add you to the notification list.
2. Current sub-processors
The following entities process personal data of OffCoder users on our behalf, in the categories and locations stated. Sub-processor changes since the last revision are noted in the change log at the bottom of this page.
2.1 Hosting and infrastructure
| Sub-processor | Purpose | Data categories | Region(s) |
|---|---|---|---|
| Amazon Web Services, Inc. | Compute (EC2/Fargate), object storage (S3), runtime sandbox orchestration. | Account data, project files, runtime logs, AI prompt forwarding metadata, user-generated content at rest. | ap-south-1 (Mumbai); cross-region backups within India. |
| Amazon Web Services, Inc. (SES) | Transactional email delivery (sign-up, receipts, security alerts, sub-processor change notices). | Email address, name, transactional message body. | ap-south-1 (Mumbai). |
| Neon Inc. | Managed PostgreSQL database hosting (primary application database), encrypted at rest with provider-side AES-256. | Account profile, projects metadata, entitlements, payment events, audit logs. | Asia-Pacific (Singapore region — Neon's nearest paid-tier region to OffCoder's user base at the date above). |
| Cloudflare, Inc. | (i) CDN, DDoS protection, and edge TLS termination for offcoder.com, the API edge, and offcoder.dev hosted-service domains; (ii) static-asset cache (Cloudflare R2) and certain Website-only edge functions (Cloudflare Workers); (iii) Cloudflare Web Analytics — aggregate, cookieless visit metrics (page views, top pages, country, referrer, time-on-page) for the marketing surface only. | IP address, request metadata, TLS handshake metadata, cached static assets. No account or project data is routed through R2 / Workers; account data flows through the CDN only as encrypted TLS traffic terminated at the Cloudflare edge. Cloudflare Web Analytics receives only the URL, referrer, viewport size, and a coarse-grained timestamp — no cookies, no persistent identifier, no cross-site profiling. | Global edge network; nearest PoP. |
2.2 Payments
| Sub-processor | Purpose | Data categories | Region(s) |
|---|---|---|---|
| Razorpay Software Private Limited | Payment processing (cards, UPI, netbanking) for INR-denominated charges; subscription billing; invoicing data. | Name, email, IP address used at payment, transaction amount, masked payment-method identifier, GSTIN if provided. Payment-instrument data (card PAN, UPI VPA, banking credentials, KYC) is collected by Razorpay directly and OffCoder does not see or store it. | India. |
2.3 AI providers (selected by user)
The AI provider that receives your prompts depends on the model you select in the App. Where OffCoder forwards prompts using its own master API key (Pro plan), the providers below act as our sub-processors. Where you supply a Bring-Your-Own-Key (BYOK), the AI provider is your direct counterparty under their own privacy policy and OffCoder relays your prompt only as a transit conduit.
The "training and retention posture" column states the contractual terms that apply to OffCoder's master-key API usage as currently configured. We deliberately describe these in the provider's own published baseline language — we do not claim a Zero Data Retention ("ZDR") arrangement unless we have a separate written approval from the provider on file. Where we obtain ZDR, this page will be updated within the 30-day notice window of Section 1.
| Sub-processor | Purpose | Data categories & training/retention posture | Region(s) |
|---|---|---|---|
| Anthropic PBC | Claude model inference. | AI prompts, attached code/context, model output. Anthropic's published Commercial Terms of Service state that API content submitted via paid commercial use is not used to train Anthropic's models. Per Anthropic's published Usage Policies, API inputs and outputs under standard commercial use are retained for up to 30 days; content that is flagged into Anthropic's trust-and-safety review (for example, suspected policy violations) may be retained longer than 30 days in accordance with Anthropic's then-current policies. A Zero Data Retention agreement, where in place, displaces the standard 30-day baseline; OffCoder operates under the standard baseline at this time. | United States. |
| OpenAI, OpCo, LLC | GPT-family model inference. | As Anthropic above (data categories). Per OpenAI's published API data-usage policy, content submitted to the API is not used to train OpenAI models by default. Standard API content may be retained for up to 30 days for abuse monitoring unless a separate Zero Data Retention agreement is in place; OffCoder operates under the standard retention baseline at this time. Litigation hold: as a result of an ongoing court-ordered preservation directive in The New York Times Co. v. Microsoft Corp. and OpenAI (S.D.N.Y.), OpenAI has publicly disclosed that certain API output logs may be retained beyond the standard 30-day window for the duration of the preservation order. To the extent that order applies to the API tier or region OffCoder uses, the retention period for affected content is extended accordingly. We are tracking OpenAI's published statements on the scope of the hold and will update this disclosure if the position changes. | United States. |
| Google LLC (Gemini API — paid tier) | Gemini model inference. | As Anthropic above (data categories). Per Google's published Gemini API additional terms for the paid tier, content submitted via paid Gemini API requests is not used to improve Google's products. We use only the paid tier for production traffic. | United States. |
| OpenRouter, Inc. | Aggregator routing for less-common models. | Routing metadata, model identifier, prompt forwarding. OpenRouter's terms govern its conduct as an aggregator; the underlying model provider's training and retention posture additionally applies. Downstream model hosts (sub-sub-processors). Where OpenRouter routes a request to a downstream model host (for example, Together AI, Fireworks AI, DeepInfra, Groq, Cerebras, or others), that host receives the prompt to run inference and is therefore a sub-sub-processor for that request. The list of currently-active downstream hosts depends on the model you select; OpenRouter publishes the per-model host mapping at openrouter.ai/models, and we surface the model identifier in the App's model picker so you can cross-reference against that directory before sending a request. | United States. |
2.4 Authentication providers (selected by user)
Used only when you choose to sign in with a third-party identity provider. Each operates as an independent controller for the basic profile fields it returns to OffCoder.
| Provider | Purpose | Data categories | Region(s) |
|---|---|---|---|
| Google LLC | OAuth sign-in. | Email, name, avatar URL, provider-side user ID. | United States. |
| GitHub, Inc. | OAuth sign-in. | As Google above; plus public-profile login handle. | United States. |
| GitLab, Inc. | OAuth sign-in. | As GitHub above. | United States. |
| Atlassian Pty Ltd (Bitbucket) | OAuth sign-in. | As GitHub above. | Australia / United States. |
| LinkedIn Corporation | OAuth sign-in. | Email, name, profile-picture URL. | United States. |
2.5 Operational tooling
| Sub-processor | Purpose | Data categories | Region(s) |
|---|---|---|---|
| Functional Software, Inc. (Sentry) | Crash and error monitoring. | Pseudonymized stack traces with PII scrubbing applied where feasible (Sentry's beforeSend hook strips known-sensitive fields and truncates long string captures), app version, OS version, minimal device-context fields (Sentry's standard "device context" capture — not a tracking fingerprint), and a per-install random identifier. No source code, prompt content, or model output is sent. Retention: 90 days at Sentry, then auto-purged. | United States. |
2.6 Planned additions (no data flowing yet)
The following entities are not currently sub-processors — no personal data flows to them as of the date above. They are listed for transparency so that prospective enterprise customers can see what we may engage during the planning window stated against each entry. Activation will trigger a sub-processor change notice per Section 1. If a planning window expires without activation, the entry is either updated with a new window or removed at the next revision of this page.
| Entity | Anticipated purpose | Anticipated data categories | Anticipated region(s) |
|---|---|---|---|
| Stripe Payments India Private Limited / Stripe, Inc. Planning window: through 2026-08-02 (90 days from the date above). | Card processing for non-INR / international card flows where Razorpay is not optimal. Activation pending Stripe onboarding. | Name, email, IP address used at payment, transaction amount, masked payment-method identifier. Payment-instrument data (card PAN, banking credentials, KYC) collected by Stripe directly; Stripe acts as an independent data fiduciary / controller for that data under its own privacy policy. | India / United States. |
3. Cross-border transfers
Several sub-processors above operate from outside India and outside the European Economic Area. For data originating in India, transfers proceed in accordance with §16 DPDPA and the recipients' own data-protection commitments. For data originating in the EEA, the United Kingdom, or Switzerland, OffCoder relies, in order of priority: (a) on an adequacy decision where the recipient is certified (e.g. the EU–US Data Privacy Framework and its UK / Swiss extensions); (b) otherwise on the European Commission's Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914, modules 2 (controller-to-processor) and 3 (processor-to-processor)) and, for UK-origin data, on the UK ICO's International Data Transfer Addendum; and (c) for the limited category of transfers that cannot be supported by either of the foregoing (e.g. the immediate relay of an AI prompt you submit to a selected AI provider where no SCCs are in place), on the contract-necessity ground in Article 49(1)(b) GDPR, as more fully described in Privacy Policy §8. We do not rely on Article 49(1)(a) "explicit consent" as an ordinary basis for cross-border transfer. We have conducted a Transfer Impact Assessment for the principal sub-processors and supplementary measures (TLS 1.2+ in transit, encryption at rest, application-layer pseudonymization where feasible) are applied to mitigate residual risks identified.
4. Data Processing Agreements (DPAs)
Each sub-processor's publicly-available standard DPA (or equivalent data-protection terms) is linked below for reference. Where a sub-processor offers a customer-signable DPA, OffCoder has executed it. A copy of the executed DPA on file with a particular sub-processor can be requested by EEA / UK data subjects, and by enterprise customers conducting vendor due diligence, at privacy@offcoder.com.
- Amazon Web Services — aws.amazon.com/service-terms (AWS Service Terms incorporate the AWS GDPR Data Processing Addendum).
- Neon — neon.com/legal/dpa.
- Cloudflare — cloudflare.com/cloudflare-customer-dpa.
- Razorpay — terms incorporated in the Razorpay Merchant Agreement; copy available on request.
- Anthropic — anthropic.com/legal/dpa (and the related Commercial Terms of Service at anthropic.com/legal/commercial-terms).
- OpenAI — openai.com/policies/data-processing-addendum.
- Google Cloud (Gemini API) — cloud.google.com/terms/data-processing-addendum.
- OpenRouter — OpenRouter's standard published Terms of Service apply (openrouter.ai/terms) together with their Privacy Policy. OpenRouter does not currently offer a separately-signable customer DPA in our tier; OffCoder is engaging with OpenRouter to put one in place, and this entry will be updated when that is concluded.
- Sentry (Functional Software, Inc.) — sentry.io/legal/dpa.
- Google (OAuth) — Google API Services User Data Policy and Google Cloud DPA (linked above).
- GitHub — incorporated in the GitHub Customer Agreement; docs.github.com/site-policy.
- GitLab — about.gitlab.com/handbook/legal/data-processing-agreement.
- Atlassian (Bitbucket) — atlassian.com/legal/data-processing-addendum.
- LinkedIn — the relevant terms for OAuth-only API consumption are the LinkedIn API Terms of Use and the LinkedIn Privacy Policy. LinkedIn does not currently offer a separately-signable customer DPA for OAuth-only API consumers.
Inclusion of a DPA link above does not extend rights beyond those provided by the underlying agreement and does not bind the sub-processor to terms beyond those each has published.
5. CCPA service-provider designation
For purposes of the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act ("CCPA"), each entity listed in Sections 2.1 through 2.5 is engaged as a service provider as defined in CCPA §1798.140(ag) and Cal. Code Regs. tit. 11, §7050. Each is bound by contractual restrictions limiting its use, retention, and disclosure of personal information to the specific business purposes for which it is engaged by OffCoder, prohibiting the sale or sharing of personal information, prohibiting use outside of the direct business relationship between OffCoder and the service provider, and requiring it to notify OffCoder if it can no longer meet its obligations under CCPA. Sub-processors located outside California are bound through equivalent contractual provisions in their standard DPAs (Section 4) which OffCoder has accepted or executed.
6. Change log
- 2026-05-02 — Initial publication of the sub-processor list. No additions or removals since the last Privacy Policy revision.
7. Contact
Questions about a sub-processor or to request the underlying Data Processing Agreement on file: privacy@offcoder.com.