sub-processors · v0
sub-processors
last updated: 2026-05-20 · effective: TBD
v0 — pending counsel review. reflects current panel practices. wording may change after legal review. questions:
privacy@goku.codes.sub-processors are third parties we use to operate panel. operators on a paid plan receive 30 days' email notice before any addition or material change per the DPA.
active
| vendor | purpose | data | region | terms |
|---|---|---|---|---|
| Oracle Cloud Infrastructure | hosting (compute, storage, network) | all panel data at rest + in motion | Frankfurt, DE | DPA |
| Let's Encrypt (ISRG) | TLS certificate issuance | domain name only | US | repository |
| GitHub | source code hosting | code only, no production data | US | DPA |
sibling internal services (same trust boundary)
| service | purpose | data | location |
|---|---|---|---|
| scrubber-proxy | PII/secret sanitization before a unit reaches a rater | operator-submitted unit content | same host, Frankfurt |
planned (not yet active)
| vendor | when | purpose | DPA |
|---|---|---|---|
| Stripe | first paid plan | payments + invoicing | DPA |
| Postmark / AWS SES | first transactional email | operator email, verification mails | DPA |
| Cloudflare | if CDN/WAF added | request metadata, IP | DPA |
| Sentry / equivalent | if error tracking added | scrubbed stack traces | DPA |
evaluated and rejected
- Google Analytics / GA4 — EU transfer + consent overhead; privacy-respecting alternative (Plausible/Umami self-hosted) preferred.
- Hotjar / FullStory — session replay = behavioral biometrics; incompatible with the panel data posture.
notice + objection
paid operators receive 30 days' advance email notice for additions or material changes. operators may object in writing; if unresolved, the operator may terminate per the DPA. list reviewed quarterly.