This page identifies the third-party service providers ("sub-processors") that Endymion Labs uses to operate TripGlow. Each entry describes the vendor's purpose, the data they receive, and where they process it.
We maintain data processing agreements (DPAs) with every vendor that handles personal data. For EU residents, transfers outside the EEA rely on Standard Contractual Clauses (SCCs) or equivalent safeguards.
We may add or replace sub-processors as our infrastructure changes. Material additions will be communicated via the Privacy Policy update notice described in ยง9 of that document.
Clerk (United States) - handles sign-in via Apple Sign-In and Google Sign-In, account lifecycle (creation, deletion). Processes: name, email, unique identifier. https://clerk.com/legal/privacy
Apple, Inc. (United States) - processes all in-app purchases for iOS users via the App Store. We never see your payment instrument. Processes: anonymous transaction identifiers. https://www.apple.com/legal/privacy
RevenueCat (United States) - manages subscription state, renewal events, and entitlement checks. Processes: anonymous user ID, subscription status, transaction events. https://www.revenuecat.com/privacy
Expo (United States) - delivers push notifications to your device. Processes: device push tokens. https://expo.dev/privacy
Resend (United States) - sends transactional and notification emails, including welcome messages, trip invites, disruption alerts, digest emails, pre-trip reminders, and city-request operator alerts. Processes: recipient email address, message subject, message body, and delivery metadata. https://resend.com/legal/privacy-policy
OpenRouter (United States) - routes AI requests to supported model providers for chat, photo verification, photo moderation, trip planning, source discovery, and extraction workflows. Processes: chat conversation text, trip-planning context, photos submitted by users (after EXIF stripping where applicable), public web content, and model usage metadata. https://openrouter.ai/privacy
RunPod (United States) - provides GPU compute for self-hosted large language models used in disruption-signal extraction. Processes: scraped public web content; does not receive user-submitted personal data. https://www.runpod.io/legal/privacy-policy
Mapbox (United States) - powers place search suggestions, place detail retrieval, and client-side interactive maps. Processes: search query, optional approximate proximity coordinates, map interaction metadata, selected place identifiers, and map tile requests. https://www.mapbox.com/legal/privacy
HERE Technologies (Netherlands / global) - calculates walking, driving, and transit routes for trip planning. Processes: origin and destination coordinates, travel mode, route timing, and route geometry returned to TripGlow. https://legal.here.com/privacy/policy
Google Maps Platform / Places API (United States) - enriches attraction records with public place details and helps match user-added Mapbox places to Google Place identifiers. Processes: attraction names, place identifiers, and place coordinates; no TripGlow user identifier is sent. https://policies.google.com/privacy
Cloudflare R2 (United States, region "auto") - object storage for user-submitted photos (with EXIF stripped before write), captured page content, and other binary assets. Processes: photo binaries, captured HTML/JSON. https://www.cloudflare.com/privacypolicy/
BrightData (Israel / United States) - residential proxy network used to fetch public attraction web pages on our behalf. Processes outbound scraping requests; does not receive user personal data. https://brightdata.com/privacy
Bluesky Social (United States) - public AT Protocol API consumed to monitor public posts for disruption-relevant signals. We send no user personal data; we only read public content. https://bsky.social/about/support/privacy-policy
GTFS feed providers (varies by city) - public transit authorities (e.g., NYC MTA, RATP Paris, ATAC Rome) publish General Transit Feed Specification feeds. We consume these feeds as public data. No user data is sent. Each provider's terms apply to their feed.
Sentry (United States) - error and performance monitoring. May incidentally process: user identifiers in error traces, request paths, stack traces. We scrub known PII fields client-side before send. https://sentry.io/privacy/
PostHog (United States) - product analytics, including feature usage and session flow. Processes: pseudonymous user identifier, app events, device metadata. https://posthog.com/privacy
For questions about this list, including current DPA copies for your jurisdiction, contact [email protected].