Legal

Subprocessors

Last updated: May 2026

The following third parties process personal data on Verixa's behalf to deliver the service. Each is contractually bound by a Data Processing Agreement and engaged only to the extent necessary for the stated purpose.

We will update this list when subprocessors are added or removed. Material changes are communicated to administrators via in-app notice at least 30 days in advance where required by GDPR Art. 28.

SubprocessorPurposeRegion
Supabase (via Lovable Cloud)Managed Postgres, authentication, object storage, realtimeUnited States / EU
CloudflareEdge hosting, CDN, DDoS protection, Worker runtime for server functionsGlobal edge
StripeSubscription billing, marketplace payouts (Stripe Connect), identity verificationUnited States / EU
Lovable AI GatewayRouting AI inference requests to Google and OpenAI modelsUnited States / EU
Google (Gemini, Maps)AI inference for drafting and search; maps for practitioner directoryUnited States / EU
OpenAIAI inference for select drafting and analysis featuresUnited States
SearchAPIAggregated public patent and grant record searchUnited States
Resend (transactional email)Account, billing, collaboration, and notification emailUnited States / EU

International transfers

Where personal data leaves the EEA, transfers rely on the EU Standard Contractual Clauses (2021/914) or equivalent safeguards. Verixa monitors adequacy decisions and updates contracts accordingly.

Questions

Email privacy@verixaai.com to request our current Data Processing Agreement or to ask about a specific subprocessor.