Back to Legal Center

Purpose:Labs Subprocessors

This page lists all third-party service providers (subprocessors) who process personal data on behalf of Purpose:Labs. We carefully select partners who meet our high standards for security, privacy, and compliance.

Data Protection Standards

All subprocessors listed below are required to maintain appropriate technical and organizational measures to protect personal data, comply with applicable data protection laws (including GDPR, CCPA, and PIPEDA), and have signed data processing agreements with Purpose:Labs.

Vercel, Inc.

Processing Location: Germany, USA, Singapore

Description of processing:

Vercel provides hosting infrastructure, content delivery network (CDN), and serverless function execution for our platform. They handle static asset delivery and application hosting.

Convex, Inc.

Processing Location: USA, Europe (from late 2025)

Description of processing:

Convex serves as our primary database and backend infrastructure provider. They handle data storage, real-time synchronization, and database operations for user data and application state.

Clerk, Inc.

Processing Location: USA

Description of processing:

Clerk provides authentication and user management services. They process user authentication data, session management, and user identity verification for secure access to our platform.

OpenAI, L.L.C.

Processing Location: USA

Description of processing:

OpenAI provides artificial intelligence and natural language processing services for our AI coaching features. They process user interactions and generate AI-powered coaching responses and insights.

Stripe, Inc.

Processing Location: USA

Description of processing:

Stripe processes payment transactions and billing information for our subscription and coaching services. They handle payment card data and transaction processing securely.

Data Processing Agreements

Purpose:Labs has entered into data processing agreements (DPAs) with all subprocessors listed above. These agreements ensure that:

  • Personal data is processed only for the purposes specified in our Privacy Policy
  • Appropriate security measures are implemented and maintained
  • Data is deleted or returned when the service relationship ends
  • Subprocessors assist with data subject rights requests when required

International Data Transfers

Some of our subprocessors are located in the United States. We ensure that international transfers of personal data comply with applicable data protection laws through:

EU-US Data Privacy Framework (DPF)

Our US-based subprocessors are certified under DPF

Standard Contractual Clauses (SCCs)

Additional contractual safeguards for data transfers

Strong encryption

Data is encrypted in transit (TLS 1.3) and at rest (AES-256)

Updates to This List

We may update this subprocessor list from time to time as we add or change service providers. We will notify users of material changes to our subprocessor arrangements in accordance with our Privacy Policy. For questions about our subprocessors, please contact us at connect@purposelabs.ai

Last updated: August 18, 2025