Legal policy
Subprocessors
Core third-party providers Vibeler uses to host, process, secure, deliver, and support the Services.
Draft for lawyer review: This page is a practical Vibeler policy draft, localized for Canadian requirements where relevant. It is not legal advice and should be reviewed by counsel before launch or enforcement.
Jump to section
1. Draft status
This Subprocessors page is a practical operating draft and must be reviewed before launch. The list should be confirmed against production vendors, contracts, regions, and data processing terms before publication.
2. Current core subprocessors
- DigitalOcean: app hosting, backend/frontend infrastructure, managed compute, databases, workers, network operations, and related service hosting.
- Cloudflare and Cloudflare R2: object storage, media storage, signed media support, custom-domain/SaaS hostname infrastructure, DNS or edge services where configured.
- Stripe: payment processing, subscriptions, Connect onboarding, payouts, invoicing, card/payment method handling, fraud screening, disputes, and chargebacks.
- SendGrid: transactional email, newsletter sending, delivery events, bounce/drop/spam/unsubscribe signals, and email templates.
- OpenAI: text generation for creator AI tools, including prompts, selected context, generated drafts, and operational metadata needed to provide AI features.
- GitHub/GHCR: source control, CI/CD, container image build and registry workflows. Production secrets and user content exposure should be verified before launch.
3. Changes to subprocessors
Vibeler may add, replace, or remove subprocessors as the Services evolve. Material changes should be documented and, where required by contract or law, communicated with reasonable notice.
4. Creator data responsibilities
Creators who collect, upload, or message audience members through Vibeler should review this list and determine whether their own privacy notices, contracts, consent language, or data processing arrangements need updates.