Sub-processors for Rekomi

Sub-processors

The third-party services Rekomi relies on to provide the platform, what each does, and the personal data shared with it. We give customers advance notice before adding a new sub-processor.

Updated 2026-06-21

Current sub-processors

This list reflects the sub-processors in use as of the date above. It is the authoritative list referenced by our DPA and Privacy Policy.

Sub-processor	Purpose	Personal data shared
Clerk	Authentication and session management	Account identity (email, name), authentication metadata
Stripe (incl. Stripe Connect and Express)	Subscription billing, conversion and refund webhooks, and affiliate payouts	Billing details, payout identity and bank details, affiliate tax forms (held by Stripe), customer and conversion data
Paddle (rolling out)	Conversion and refund tracking for brands who connect their own Paddle Billing account (not yet processing for connected accounts)	When live: customer and order identifiers and sale and refund amounts received from the brand’s Paddle account; the brand’s Paddle credentials are stored encrypted at rest
PayPal (rolling out)	Affiliate payout rail for countries Stripe Express does not cover (not yet processing payouts)	When live: affiliate PayPal email and payout amounts
Resend	Transactional and lifecycle email delivery	Recipient email address and message content
Cloudflare	DNS, CDN, edge tracking, bot detection, and custom tracking and portal hostnames	Request metadata, IP address, user agent, bot score
DigitalOcean	Application hosting and private object storage (Spaces) for uploaded files such as affiliate tax forms	Uploaded documents (for example W-8 tax forms) and application data in transit through hosting
Managed PostgreSQL and Redis	Primary application database and cache	All application data, including account, affiliate, conversion, and payout records
Sentry	Error and performance monitoring	Diagnostic data, scrubbed of personal data before transmission where feasible; IP and user agent
PostHog (opt-in)	Product analytics, enabled only with analytics-cookie consent	Usage events and device or session identifiers
Google Analytics 4 (opt-in)	Aggregate traffic and marketing attribution, enabled only with analytics-cookie consent	Aggregate usage and traffic data; IP addresses are anonymized by Google before storage
Intercom (opt-in)	Support chat, loaded only with marketing-cookie consent	Support conversation content and contact details you provide
Anthropic (opt-in)	AI features (Claude), enabled per organization	The content you submit to an AI feature; not used to train models without your consent

Data residency

Our default processing region is the United States. Sub-processors may operate globally; where personal data is transferred out of the EEA or UK, our DPA relies on Standard Contractual Clauses and the UK International Data Transfer Addendum.

Changes

We give customers advance notice before we add or replace a sub-processor that processes personal data, and the “Updated” date above reflects the current list. To raise a concern about a sub-processor, contact support@rekomi.com.

Sub-processors

The third-party services Rekomi relies on to provide the platform, what each does, and the personal data shared with it. We give customers advance notice before adding a new sub-processor.

Updated 2026-06-21

Current sub-processors

This list reflects the sub-processors in use as of the date above. It is the authoritative list referenced by our DPA and Privacy Policy.

Sub-processor	Purpose	Personal data shared
Clerk	Authentication and session management	Account identity (email, name), authentication metadata
Stripe (incl. Stripe Connect and Express)	Subscription billing, conversion and refund webhooks, and affiliate payouts	Billing details, payout identity and bank details, affiliate tax forms (held by Stripe), customer and conversion data
Paddle (rolling out)	Conversion and refund tracking for brands who connect their own Paddle Billing account (not yet processing for connected accounts)	When live: customer and order identifiers and sale and refund amounts received from the brand’s Paddle account; the brand’s Paddle credentials are stored encrypted at rest
PayPal (rolling out)	Affiliate payout rail for countries Stripe Express does not cover (not yet processing payouts)	When live: affiliate PayPal email and payout amounts
Resend	Transactional and lifecycle email delivery	Recipient email address and message content
Cloudflare	DNS, CDN, edge tracking, bot detection, and custom tracking and portal hostnames	Request metadata, IP address, user agent, bot score
DigitalOcean	Application hosting and private object storage (Spaces) for uploaded files such as affiliate tax forms	Uploaded documents (for example W-8 tax forms) and application data in transit through hosting
Managed PostgreSQL and Redis	Primary application database and cache	All application data, including account, affiliate, conversion, and payout records
Sentry	Error and performance monitoring	Diagnostic data, scrubbed of personal data before transmission where feasible; IP and user agent
PostHog (opt-in)	Product analytics, enabled only with analytics-cookie consent	Usage events and device or session identifiers
Google Analytics 4 (opt-in)	Aggregate traffic and marketing attribution, enabled only with analytics-cookie consent	Aggregate usage and traffic data; IP addresses are anonymized by Google before storage
Intercom (opt-in)	Support chat, loaded only with marketing-cookie consent	Support conversation content and contact details you provide
Anthropic (opt-in)	AI features (Claude), enabled per organization	The content you submit to an AI feature; not used to train models without your consent