Trust
Subprocessors
Last updated: April 22, 2026
To deliver DojoOS we use a small set of vetted service providers ("subprocessors") that may process customer data on our behalf. We update this page when we add or remove a vendor. By using DojoOS you acknowledge and consent to this list.
| Vendor | Purpose | Data processed | Region |
|---|---|---|---|
| Supabase (managed Postgres + Auth) | Primary application database, authentication, file storage | All gym, member, billing, and waiver data; account credentials (hashed) | United States |
| Cloudflare | Edge compute, CDN, DDoS protection | All HTTP traffic; logs include IP and user-agent | Global edge network |
| Stripe | Platform subscription billing and Stripe Connect for member payments | Names, emails, billing addresses, payment methods (tokenized) | United States |
| Resend | Transactional and notification email delivery | Recipient email, sender name, message content, delivery events | United States |
| Google (OAuth) | Optional Google sign-in for accounts | Email, name, OAuth identifier (only when a user chooses Google sign-in) | United States |
Notifications of changes
We will update this page at least 30 days before adding a new subprocessor that materially changes how customer data is processed. To receive notifications by email, contact us and ask to be added to the subprocessor change list.