Fluera

Sub-processors

Every third party we rely on.

Under GDPR Art. 28, every sub-processor that handles personal data on our behalf is listed here — what we share, why, and where it lives. We notify customers of changes before they take effect.

Last updated: 2026-04-20

  • Supabase Inc.

    Privacy policy ↗
    Purpose
    Database, authentication, encrypted cloud storage, realtime signalling, AI proxy Edge Functions.
    Data shared
    Account email, hashed user ID, canvas ciphertext (E2E encrypted), sync metadata.
    Region
    Frankfurt, EU (default region for Fluera instances).

  • Google LLC

    Privacy policy ↗
    Purpose
    Google Generative AI (Gemini) for Socratic mode, Ghost Map, LaTeX OCR, and exam-session generation.
    Data shared
    Selected canvas text portions (only when AI features are consented and used). Never the full notebook.
    Region
    US, EU via Google Cloud regions; SCC + EU-US DPF.

  • Apple Inc.

    Privacy policy ↗
    Purpose
    Sign in with Apple authentication; App Store in-app purchases on iOS and macOS.
    Data shared
    Apple ID email relay, receipt identifiers. No canvas data.
    Region
    US; SCC + EU-US DPF.

  • RevenueCat Inc.

    Privacy policy ↗
    Purpose
    Subscription management and receipt validation across iOS, Android, and web.
    Data shared
    Anonymised RevenueCat user ID, subscription status, receipt metadata. No payment card data.
    Region
    US; SCC + EU-US DPF.

  • Functional Software Inc. (Sentry)

    Privacy policy ↗
    Purpose
    Crash reporting and error monitoring.
    Data shared
    Stack traces, OS version, device model, app version. sendDefaultPii is explicitly disabled — no user content.
    Region
    US, EU options available.

  • Vercel Inc.

    Privacy policy ↗
    Purpose
    Hosting of fluera.dev marketing site and /docs.
    Data shared
    Standard web access logs (IP, user-agent). No account content.
    Region
    Global edge; origin region configurable.

Changes and notifications

We update this list whenever a sub-processor is added, changed, or removed. Education and enterprise customers receive email notice at least 30 days before the change takes effect, per Art. 28(2) GDPR.

To subscribe to sub-processor change notifications, email privacy@fluera.dev from the address on your account.