Subprocessor and transfer register
Current provider purposes and data boundaries for Clanker Cloud. Register version 2026-07-14.
How to use this register
This public register describes the Standard service. It is not a certification, DPA, BAA, CJIS agreement, residency commitment, or promise that every listed provider processes every customer’s data. A protected order identifies the approved subset, region, transfer mechanism, support access, notice process, and replacement procedure for that customer.
Cloudflare, Inc.
- Purpose
- Website delivery, Worker proxy, Workers AI voice transcription and speech using Whisper and Aura model calls, shared Standard sandboxes, and object storage.
- Data categories
- Network and request metadata; optional voice audio, transcript, and generated speech; Standard sandbox commands, files, and runtime data submitted by the customer.
- Location and transfer boundary
- Global shared service. Standard account region is not a residency guarantee. Contracted jurisdiction controls require separate written activation.
Supabase, Inc.
- Purpose
- Website waitlist collection and storage.
- Data categories
- Waitlist email, optional name and message, signup source, status, and submission metadata.
- Location and transfer boundary
- The waitlist project location and any international transfer follow the configured Supabase project and provider safeguards. People may request removal; if this provider changes, the register is updated and data is deleted or migrated under the retention policy and applicable contracts.
Google Cloud
- Purpose
- Standard account control plane and database, hosted-inference transport, temporary web-to-desktop remote relay, legacy GCP sandbox runtime or state where applicable, and future activated Secretary Pro protected or separately contracted sovereign environments.
- Data categories
- Account, authentication, security, service, and audit metadata; hosted-inference prompts and responses in control-plane memory while requests are handled; temporary remote instructions, status, and results in Cloud SQL under the disclosed retention schedule; legacy GCP sandbox commands, files, runtime data, and state where applicable. Protected customer data is accepted only after contracted activation.
- Location and transfer boundary
- The Standard control-plane location is configured operationally, is not a customer-selected placement, and is not a residency commitment; Google may process or support Standard data in other locations under its applicable terms and transfer safeguards. A protected processing region applies only when identified in signed terms and the environment is verified and active.
Google Gemini Developer API
- Purpose
- Standard hosted model inference.
- Data categories
- Prompt and conversation context sent for inference, generated response, and provider technical metadata.
- Location and transfer boundary
- Standard is not a protected environment for regulated clinical records or other regulated data. Protected processing requires a separately approved model service and written activation.
Google Identity Services
- Purpose
- Optional Google social sign-in.
- Data categories
- OAuth identifier and basic account profile fields authorized by the user.
- Location and transfer boundary
- Processed under Google’s applicable identity-service terms and transfer safeguards.
GitHub, Inc.
- Purpose
- Optional GitHub social sign-in.
- Data categories
- OAuth identifier and basic account profile fields authorized by the user.
- Location and transfer boundary
- Processed under GitHub’s applicable service terms and transfer safeguards.
Google Analytics
- Purpose
- Optional website measurement after affirmative opt-in.
- Data categories
- Page, interaction, approximate location, browser, and device metadata. No prompts, raw backend errors, credentials, or remote instructions.
- Location and transfer boundary
- Not loaded before opt-in. Users can withdraw consent from Cookie settings.
YouTube / Google video embeds
- Purpose
- Optional playback of public product videos after the visitor clicks the load control.
- Data categories
- Network address, browser and device metadata, and video interaction data received by Google/YouTube after loading.
- Location and transfer boundary
- Videos use youtube-nocookie.com and are not requested before the visitor clicks. YouTube remains an independent third-party service under its own terms and transfer safeguards.
Stripe, Inc.
- Purpose
- Payment processing and transaction administration.
- Data categories
- Payment, billing contact, transaction, fraud-prevention, and legally required records handled through Stripe.
- Location and transfer boundary
- Processed under Stripe’s applicable service terms, privacy commitments, and transfer safeguards.
Discuss DPA terms or a protected-environment schedule
Email support@novlabs.ai to discuss proposed DPA terms, detailed provider terms, transfer-mechanism information, or a protected architecture review. This page does not state that a DPA is already available or executed. No DPA applies until signed by authorized parties. Regulated-data, residency, and protected-environment commitments additionally require the identified environment to be verified and active.
Material register changes will be published here with a new version date. Contracted customers receive any additional notice and objection rights stated in their signed DPA or order.
When a provider is removed, affected data is deleted, returned, or migrated under the Privacy Policy and applicable contract. Waitlist participants can request removal at the same contact address.
