Subprocessors and Provider Categories
This public page gives category-level transparency for customers, privacy requests, billing, security, and operational review. Exact vendors can vary by feature, plan, region, model selection, provider availability, and account configuration. ASLAX only shares data needed to provide, secure, bill, support, moderate, or comply with legal obligations for the service.
| Category | Examples | Data involved |
|---|---|---|
| Hosting, CDN, and deployment | Vercel, Railway, and infrastructure providers used for frontend, backend, network, logs, and deployment operations. | IP address, request metadata, service logs, deployment metadata, and operational diagnostics. |
| Database, authentication, and storage | Supabase and storage/database providers used for accounts, auth, private assets, generated media records, and audit records. | Account data, authentication identifiers, uploaded files, generated asset metadata, consent records, and security logs. |
| Payments, tax, invoices, and fraud prevention | Stripe, Creem, Dodo Payments, Paddle, Lemon Squeezy, PayPal, or another active payment processor or merchant-of-record provider. | Checkout identifiers, billing contact details, tax/VAT details, invoice or receipt metadata, subscription state, payment status, refund/dispute metadata, and fraud signals. Full card data is handled by hosted checkout infrastructure. |
| AI model, moderation, and media processing | AI model, moderation, and media infrastructure providers such as OpenAI, Google/Gemini/Vertex, Replicate, fal.ai, Kling, Seedance, Creem moderation, or similar providers depending on the selected feature. | Prompts, uploaded inputs, reference media, generated outputs, model settings, safety classifications, provider request identifiers, and limited diagnostics needed to provide and protect the service. |
| Email, support, and customer communications | Transactional email, support ticket, notification, and customer communication providers. | Email address, message content, ticket metadata, attachments submitted to support, delivery status, and communication preferences. |
| Analytics, security, and reliability | Analytics, error monitoring, abuse-prevention, bot-protection, logging, and performance providers where enabled. | Cookie choices, device/browser metadata, IP-derived region, error reports, usage events, fraud/abuse signals, and aggregate product analytics. |
Users can download a data export from Settings and can request account deletion review. Deletion is reviewed before fulfillment so tax, fraud-prevention, chargeback, security, legal-hold, and abuse-prevention records are handled correctly.
Related pages: Privacy, DPA Information, Security, and Support.