Boyevi relies on the third parties listed below to operate the Service. Each subprocessor acts under our instructions and is bound by a data processing agreement. For data transfers outside the EEA, we rely on the European Commission’s Standard Contractual Clauses (SCCs) and, where applicable, adequacy decisions.
Last updated 4 May 2026. We notify Customers covered by the DPA at least 30 days before adding a new subprocessor.
| Subprocessor | Purpose | Location | Transfer mechanism |
|---|---|---|---|
| Stripe, Inc. | Payment processing & subscription management | United States, Ireland | SCCs + EU-US Data Privacy Framework |
| OpenAI, L.L.C. | AI-powered analysis (LLM inference) | United States | SCCs + EU-US Data Privacy Framework |
| Resend (Drestack, Inc.) | Transactional email delivery (welcome, invitations, password reset) | United States | SCCs |
| Functional Software, Inc. (Sentry) | Application error monitoring & performance metrics | United States | SCCs |
| Google LLC (OAuth) | Single sign-on via Google account (when user opts in) | United States, EU | SCCs + EU-US Data Privacy Framework |
| Vercel, Inc. | Frontend hosting & CDN (when frontend is deployed there) | United States, Multiple regions | SCCs + EU-US Data Privacy Framework |
Questions? Contact privacy@boyevi.com.
Document version v1.0 — provisional and subject to revision. Any material change will be communicated by email at least 30 days before taking effect.