Sub-processors
Last updated: January 31, 2026
Kaneto uses trusted third-party service providers ("sub-processors") to help deliver our Service. This page lists all sub-processors that may process personal data on our behalf.
All sub-processors are bound by data processing agreements that require them to protect your data in accordance with applicable data protection laws, including the GDPR.
Sub-processor Changes
We will update this list when we add or remove sub-processors. If you have subscribed to a plan that includes data processing agreement (DPA) terms, you will receive email notification of any changes at least 30 days in advance.
Current Sub-processors
| Service Provider | Purpose | Data Processed | Location | GDPR |
|---|---|---|---|---|
Supabase Privacy Policy | Database, Authentication, File Storage | All user data, files, authentication tokens | EU (Frankfurt, Germany) | |
Google Cloud Vision API Privacy Policy | Receipt/Invoice OCR scanning | Images of receipts uploaded by users | United States | |
Google Gemini API Privacy Policy | AI-powered text analysis (receipt extraction, voice commands, meeting summaries) | Text content: receipt details, voice transcripts, meeting notes | United States | |
Google Calendar API Privacy Policy | Calendar synchronization | Meeting titles, dates, locations, descriptions | United States | |
Google Maps Platform Privacy Policy | Location autocomplete, geocoding, maps display | Addresses, location coordinates | United States | |
Open-Meteo Privacy Policy | Weather data for site visits | Location coordinates only (no personal data) | EU (Germany) |
International Data Transfers
When we transfer personal data to sub-processors located outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs): We use EU Commission-approved standard contractual clauses with all non-EU sub-processors.
- Data Processing Agreements: All sub-processors are bound by comprehensive DPAs that meet GDPR requirements.
- Transfer Impact Assessments: We conduct assessments to ensure adequate protection in the destination country.
- Additional Safeguards: Where necessary, we implement supplementary technical and organizational measures.
Sub-processor Categories
Infrastructure
Providers of cloud hosting, database, storage, and authentication services that form the core infrastructure of our Service.
AI & Machine Learning
Services that power our intelligent features like receipt scanning, voice commands, and meeting summaries.
Integrations
Third-party services we integrate with to provide additional functionality like calendar sync and location services.
Data Services
Services providing supplementary data like weather information to enhance your project records.
Your Rights
You have the right to:
- Object to the use of specific sub-processors
- Request information about the safeguards in place for data transfers
- Request a copy of our Data Processing Agreement (DPA)
- Request a copy of the SCCs we use with sub-processors
To exercise these rights or ask questions, contact us at privacy@kaneto.io.
Data Processing Agreement
If your organization requires a Data Processing Agreement (DPA) with Kaneto, please contact us at legal@kaneto.io. We offer a standard DPA that complies with GDPR Article 28 requirements.