Loading...
Every sub-processor TutorStudio uses, with processing purpose, data category, residency, contractual status and last review date. The register is reviewed at least quarterly; material additions are notified to active customers ahead of effect.
Last full register review: 2026-05-15.
| Processor | Purpose | Data category | Residency | DPA / SCC | Reviewed |
|---|---|---|---|---|---|
| Anthropic | AI inference for lesson summaries, classifier outputs and safeguarding-pattern detection. | Lesson notes, message excerpts, classifier inputs (PII-redacted before transit). | US / EU API regions (no training on customer data). | Article 28 DPA signed. UK IDTA + EU SCC in place. | 2026-05-15 |
| Mathpix | Handwriting OCR and equation digitisation for the whiteboard and archive pipelines. | Stroke vectors and image crops from the whiteboard / scanned archive (no learner identifiers). | US API region. | Article 28 DPA signed. UK IDTA + EU SCC in place. | 2026-05-15 |
| Deepgram | Live streaming transcription for real-time captions during lessons (Nova-3 model). | Live audio stream from lesson sessions (consent-gated); caption text transmitted to session UI only. | EU-region routing when available; fallback to US with SCC coverage. | Article 28 DPA in progress. UK IDTA + EU SCC in place; TIA in place for US fallback path. | 2026-05-15 |
| Yoti | Identity verification for tutors (Right-to-Work checks) and parents (account binding); age estimation for AADC compliance. | Identity verification documents, biometric checks, age estimates (no PII stored locally — Yoti retains original record). | UK jurisdiction (DIATF-certified Identity Service Provider). | Article 28 DPA in negotiation. UK IDTA; Yoti is UK-regulated Identity Service Provider. | 2026-05-15 |
| Stripe | Payment processing, Stripe Connect payouts to tutors, chargeback evidence. | Payment-card-adjacent metadata, payer name, payout-recipient details. | UK + EU processing (PCI-DSS Level 1). | Article 28 DPA signed (Stripe standard DPA). UK IDTA covered by Stripe standard DPA. | 2026-05-15 |
| Supabase | Managed Postgres database, authentication and storage primitives. | All customer-data tables, file uploads, auth identities. | EU region (Frankfurt) for primary database. | Article 28 DPA signed. Intra-EU — no cross-border transfer. | 2026-05-15 |
| Vercel | Application hosting, edge functions and image optimisation for the public site and product. | Request metadata; no customer database access. | EU edge regions; US control plane. | Article 28 DPA signed. UK IDTA + EU SCC in place for control-plane transfers. | 2026-05-15 |
| Cloudflare | DNS, edge DDoS protection, R2 object storage for cold archive, Email Workers for email-in. | Request metadata, archive object storage, inbound email payloads. | EU regions for R2 storage; global edge for DNS / WAF. | Article 28 DPA signed (Cloudflare standard DPA). UK IDTA covered by Cloudflare standard DPA. | 2026-05-15 |
| Hetzner | Whiteboard collaboration daemon (Yjs awareness) on a CCX13 instance in Falkenstein. | Whiteboard state vectors only; no persistent customer-data storage. | EU (Germany, Falkenstein). | Article 28 DPA signed. Intra-EU — no cross-border transfer. | 2026-05-15 |
| Resend | Transactional email delivery (invitations, digests, safeguarding notifications). | Recipient email address, message metadata, message body (PII boundary respected). | EU region. | Article 28 DPA signed. Intra-EU — no cross-border transfer. | 2026-05-15 |
| Sentry | Error monitoring across the product runtime (with PII redaction enforced). | Error stack traces, breadcrumbs (PII fields scrubbed at the SDK boundary). | EU region. | Article 28 DPA signed. Intra-EU — no cross-border transfer. | 2026-05-15 |
| PostHog | Product analytics (consent-gated, never loaded on under-18 surfaces). | Event metadata, anonymised session traces (PII fields excluded from the registry). | EU region. | Article 28 DPA signed. Intra-EU — no cross-border transfer. | 2026-05-15 |
| Stream.io | Live-session video, chat strip and call recording for the lesson room. | Session video / audio (consent-gated), chat messages, recording artefacts. | EU region for recording artefacts; global edge for low-latency transport. | Article 28 DPA signed. UK IDTA + EU SCC in place. | 2026-05-15 |
When we add a sub-processor, change a sub-processor’s scope of processing, or change a residency, we notify active customers ahead of effect. The notification carries the change, the date it takes effect, and the route for objection.