Current subprocessors and service partners

This page describes the main third-party services Vorasense may rely on to operate the product. The exact provider path can vary by feature, environment, and analysis route.

1. Scope and purpose

  • Vorasense uses a small set of contracted service providers for infrastructure, AI analysis, billing, and sign-in.
  • This page is informational and may change as Vorasense changes providers or configurations. The Privacy Policy and applicable contracts govern how data is processed.
  • If you need the current processor path for your deployment or have a privacy question, contact [email protected].

2. Infrastructure and AI processing

  • Google Gemini API paid service: Intended launch baseline for documented AI analysis routes once the production evidence pack is complete.
  • Candidate AI providers such as AWS Bedrock, OpenAI, OpenRouter, Anthropic, or Codex may only be used for production customer content after a provider/model change review and an updated compliance matrix.
  • Provider routing can differ by analysis mode such as manual analysis, immediate auto-scan, batched auto-scan, synthetic testing, or benchmarking.
  • Configured AI processors may receive message fragments, prompt context, device and request metadata, and analysis-related fields required to generate a result. Provider retention, transfer, and no-training controls depend on the documented production route.

3. Billing and identity

  • Paddle: Processes billing, subscription, invoice, and payment-related account data as Merchant of Record.
  • OAuth identity providers such as Google, Apple, Microsoft, or Facebook: Process sign-in requests and identity data only when you choose those sign-in methods.
  • Cloudflare Turnstile: May process limited anti-abuse metadata for registration, waitlist, and organisation forms.
  • Firebase Cloud Messaging and APNS: May process push tokens, device metadata, and synthetic test-notification payloads for Android/iOS notification paths where enabled.
  • Email providers and transactional delivery infrastructure may process support or account communication metadata when Vorasense sends service emails.

4. Data categories and safeguards

  • Depending on the feature used, subprocessors may process account data, device identifiers, technical request metadata, billing data, and message content needed for fraud analysis.
  • Vorasense aims to minimize what is retained on its own servers and to use provider-specific retention and security controls where available.
  • Some processor paths may involve transfers or remote processing outside Sweden or the EU/EEA depending on provider, endpoint, and regional configuration.
  • Vorasense should update this page when a material processor or processing path changes.