Last reviewed May 5, 2026
This page lists third-party vendors that may process personal data for Edura when we provide the platform. We maintain it as the public register referenced by our Privacy Policy and Data Processing Agreement.
| Provider | Service | Data processed | Region | DPA / SCC status |
|---|---|---|---|---|
| Supabase | Database hosting and authentication | Account data, education profile data, user-generated content, authentication metadata | United States | Vendor DPA / SCCs |
| Vercel | Web hosting and deployment | Request metadata, IP addresses, logs, deployment diagnostics | United States / global edge network | Vendor DPA / SCCs |
| Stripe | Payment processing | Billing contact details, payment metadata, transaction records | United States | Vendor DPA / SCCs |
| OpenAI | AI model processing | AI messages, conversation context, user-provided educational context | United States | Vendor DPA / SCCs |
| Anthropic | AI model processing | AI messages, conversation context, user-provided educational context | United States | Vendor DPA / SCCs |
| Sentry | Error monitoring and performance diagnostics | Error logs, IP address, account email when signed in, masked replay diagnostics | United States | Vendor DPA / SCCs |
| PostHog | Product analytics and session replay | Pageviews, click events, distinct ID, account email when signed in, masked replay data | United States | Vendor DPA / SCCs |
| OAuth, Places API, and Drive integrations | OAuth profile data, location queries, imported file metadata and contents when connected | United States / global infrastructure | Vendor DPA / SCCs where applicable | |
| Mapbox | Maps and geocoding | Location queries, map interaction metadata | United States | Vendor DPA / SCCs |
| Resend | Transactional email delivery | Email addresses, message content, delivery events | United States | Vendor DPA / SCCs |
We review subprocessors before use and update this page when we add, replace, or materially change a provider that processes personal data. Organization customers using Edura under a DPA may object to a new subprocessor within 30 days of notice if the change creates a reasonable data protection concern.
If an objection cannot be resolved, the organization may stop using the affected service or terminate the applicable agreement as described in the DPA.
Questions about subprocessors or organization data processing can be sent to support@getedura.com.