Legal
Subprocessors
Last updated: June 19, 2026
This document is provided for transparency and operational use. It is not legal advice. Have a qualified attorney review before relying on it for regulated industries, EU/UK hospitality groups, healthcare, financial services, or international markets.
Primagery AI uses the following categories of third-party subprocessors to deliver the Services. This list is provided for transparency under GDPR Article 28 and client diligence requests. We require subprocessors to protect personal data under contractual obligations.
Updates: We will update this page when we add or replace subprocessors with material impact. Enterprise clients may subscribe to change notifications via info@primagery.com.
| Subprocessor | Purpose | Processing location | Data processed |
|---|---|---|---|
| Vercel Inc. | Application hosting, edge network, serverless functions, deployment | United States (global edge) | Application logs, request metadata, environment configuration |
| Neon Tech Inc. | Managed PostgreSQL database | United States (region configurable) | Account data, Client Data stored in application tables |
| Vercel Blob Storage | Document vault object storage (when enabled) | United States | Uploaded files and associated metadata |
| Resend Inc. | Transactional email delivery | United States | Recipient email, message content, delivery events |
| Upstash Inc. | Distributed rate limiting / Redis (when configured) | United States / EU (region dependent) | IP hashes, rate-limit counters |
| Stripe Inc. | Payment processing (when used) | United States / global | Billing contact, payment method tokens — card data on Stripe |
| AI model providers (e.g., OpenAI, Anthropic — when enabled) | AI-assisted operator tools | United States | Prompts and context limited to feature scope; training opt-out where available |
Additional subprocessors
Clients may enable or request integrations (analytics, CRM, hospitality PMS, etc.) that act as separate processors under the Client's control. Those relationships are outside this default list unless Primagery operates the integration centrally.
Security and compliance documentation
SOC 2 reports, penetration test summaries, or security questionnaire responses may be available under NDA for qualified clients. Contact info@primagery.com.