Sub-processors
Overview
Aurora Coach uses third-party service providers ("Sub-processors") to assist in providing the Service. These Sub-processors process Personal Data on our behalf and are bound by contractual obligations to maintain the confidentiality and security of that data.
This page lists our current Sub-processors as required under our Data Processing Agreement (Section 6) and applicable data protection laws including the GDPR.
Current Sub-processors
| Sub-processor | Purpose | Location | Data Processing | Terms |
|---|---|---|---|---|
| Anthropic, PBC | AI Processing | United States | Processes coaching interactions to generate AI recommendations. Data is processed in real-time and not retained for model training. Anthropic is contractually prohibited from using Personal Data to train or improve their AI models. | Terms |
| Salesforce, Inc. (Heroku) | Cloud Infrastructure | European Union | Hosts our application and databases. All Personal Data is stored and processed within EU data centers. Provides computing, storage, and database services. | Terms |
| Stripe, Inc. | Payment Processing | United States / European Union | Processes subscription payments and billing. Handles payment card data in compliance with PCI-DSS. EU customer payment data is processed within the EU where possible. | Terms |
| Cloudflare, Inc. | CDN, DDoS Protection, WAF | United States / Global | Provides content delivery, DDoS mitigation, and web application firewall services. Proxies and inspects web traffic for security threats. Traffic is processed at the nearest data center to the user; EU users' traffic is processed within EU data centers. | Terms |
Data Protection Measures
All Sub-processors are subject to:
- Written agreements imposing data protection obligations no less protective than those in our Data Processing Agreement
- Standard Contractual Clauses (SCCs) or equivalent safeguards for international data transfers
- Due diligence on security and privacy practices
Changes to Sub-processors
In accordance with our Terms of Service, we will notify customers at least 30 days in advance before adding or replacing Sub-processors. Notifications will be sent to the email address associated with your account.
If you have concerns about a new Sub-processor, you may object by contacting us within the notification period. We will work with you to address your concerns or, if we cannot resolve them, you may terminate your subscription in accordance with our Terms of Service.
Update History
- February 3, 2026: Added Cloudflare, Inc. (CDN, DDoS Protection, WAF)
- January 12, 2026: Updated Data Protection Measures to align with DPA
- January 9, 2026: Initial publication of Sub-processor list
Contact
For questions about our Sub-processors or data processing practices, please contact:
- Email: [email protected]
- Legal inquiries: [email protected]