Sub-Processors
Effective Date: June 1, 2026
Conelo uses the third-party service providers listed below to operate the Service. Each is bound by either a written Data Processing Agreement or, where indicated, terms that govern how it may use the data Conelo sends. We update this list when sub-processors change.
Active sub-processors
| Vendor | Purpose | Primary hosting region | Data Processing Agreement |
|---|---|---|---|
| Stripe | Held-funds payments via Stripe Connect; Expert payout onboarding and tax reporting | United States, with global affiliates | stripe.com/legal/dpa |
| Resend | Transactional email (verification, password reset, booking confirmations, etc.) | United States | resend.com/legal/dpa |
| Vercel | Application hosting, Edge middleware, Vercel Blob storage for uploaded media | United States primary, global edge | vercel.com/legal/dpa |
| Neon | Managed PostgreSQL database (canonical user, profile, and engagement records) | AWS, United States | neon.com/dpa |
| Upstash | Redis used for rate-limiting (auth, signup, support, media uploads) | Multi-region edge | upstash.com/trust/dpa.pdf |
| PostHog | Product analytics and feature usage | United States | posthog.com/dpa |
| Google (Workspace and Cloud) | Google Calendar and Google Meet APIs for scheduled video sessions | Global, configurable | cloud.google.com/terms/data-processing-addendum |
| OpenID Connect sign-in (Experts and Buyers who use "Continue with LinkedIn") | United States | linkedin.com/legal/l/dpa | |
| Google Fonts | Web font delivery for the Conelo brand typefaces | Global | developers.google.com/fonts/faq/privacy |
| Fontshare | Web font delivery for Satoshi (body sans) | Global | fontshare.com/legal/privacy-policy |
| jsDelivr | Public CDN used to deliver the PDF.js worker for in-product PDF previews | Global | jsdelivr.com/terms/privacy-policy |
How we choose sub-processors
We pick service providers based on operational fit, security posture, and the contractual commitments they make to data protection (SCCs for international transfers, sub-processor disclosure, breach notification timelines). Sub-processors that handle personal data are bound by written agreements that require them to process data only on Conelo's instructions and to safeguard it appropriately.
Notification of changes
If we add a new sub-processor or remove an existing one, we update this page. Material changes that affect categories of personal data we share will be communicated by email and reflected in a new Effective Date on this page.
Questions
For questions about a specific sub-processor, the data it handles, or its compliance status, contact us at support@conelo.co.