Subprocessors
Effective 2026-04-18
These are the third parties that handle personal data on behalf of Nisatsu. We notify users of material changes to this list before they take effect. See our Privacy Policy for the broader context.
| Provider | Purpose | Data categories | Location |
|---|---|---|---|
| Stytch | Passwordless authentication (email magic links, SMS OTP, OAuth). | Email, phone number, OAuth identity assertions, auth session tokens, IP. | United States |
| Stripe | Payment processing and subscription billing. | Stripe customer ID, subscription state, card data (held by Stripe, not us), billing contact info. | United States (with EU entity for EU customers) |
| OpenAI | AI-generated stories, content moderation of user topics, lazy translation of story titles, part-of-speech enrichment for vocabulary, and text-to-speech audio. | A learner vocabulary sample (up to ~120 words) and the chosen native/target language for story generation; user-supplied topic prose (run through the moderation endpoint and again on the generated output); interest tags and learning goal when used to derive a topic; the story title and target language for translation; the target-language word and its meaning for part-of-speech lookups; the sentence text passed to text-to-speech. No account identifiers (email, phone, name, IP, internal user ID) are forwarded. | United States |
| Neon (Postgres hosting) | Primary application database. | All account, learning, subscription, and analytics data at rest. | Configurable region; default United States or EU. |
| Upstash | Redis-backed rate limiting and abuse controls. | Hashed/prefixed rate-limit keys (e.g. user ID, IP, phone) and counters. No PII bodies. | Configurable region; default United States. |
| Sentry | Server-side and client-side error monitoring. | Stack traces, request paths, an internal user ID tag. PII is scrubbed before it is sent. | United States |
| Expo (EAS) + Apple APNs + Google FCM | Mobile push notification delivery. | Expo push tokens and notification payloads (e.g. "Today's word: 猫"). | United States |
| Vercel | Hosting the Nisatsu web app and API. | Request metadata and logs as part of normal hosting. | Global edge; storage primarily United States. |
International transfers rely on standard contractual clauses or equivalent safeguards provided by each subprocessor.