Legal
Subprocessors
Effective January 29, 2026
This page lists all third-party subprocessors that NectorPay engages to process personal data on its behalf. NectorPay is committed to transparency about data processing and will notify customers of any changes to this list.
About Subprocessors
Under the GDPR and other data protection laws, NectorPay (as a data processor) is required to:
- Disclose all subprocessors to customers
- Ensure subprocessors are bound by data processing agreements
- Notify customers of any changes to the subprocessor list
- Allow customers to object to new subprocessors on reasonable grounds
Current Subprocessors
Supabase
Cloud database hosting, data storage, retrieval, and backup
Data Processed
All customer data, contractor profiles, invoices, payments, audit logs, personal data
Location(s)
- EU (Ireland)
- US (optional)
Stripe
Payment processing and subscription billing
Data Processed
Email, company name, subscription data, payment method (processed securely)
Location(s)
- US
- EU
Sentry
Error monitoring, crash reporting, and security event logging
Data Processed
Error logs, session data, user agents (sensitive data filtered)
Location(s)
- US
- EU
Resend
Email delivery and transactional notifications
Data Processed
Email addresses, email content, notification metadata
Location(s)
- US
Open Exchange Rates (FX Rate Provider)
Foreign exchange rate data for currency conversion
Data Processed
Currency pairs, conversion rates (no personal data)
Location(s)
- US
Google OAuth (Authentication)
User authentication and sign-in
Data Processed
Email, name, profile picture (when signing in with Google)
Location(s)
- US
- Global
Objections to Subprocessors
If you object to the use of a subprocessor on reasonable grounds:
- Notify us within 30 days of receiving notification of the subprocessor change
- Clearly state your grounds for objection
- Send your objection to [email protected]
- We will work with you to resolve the matter. If unresolved, you may terminate your account without penalty
Data Processing Agreements
All subprocessors listed above are bound by written data processing agreements that require them to:
- Process personal data only on NectorPay's instructions
- Maintain confidentiality and security measures
- Not engage sub-subprocessors without authorization
- Assist with data subject rights requests
- Delete or return data upon request
Changes to This List
NectorPay will notify customers via email and in-product notification at least 30 days before adding or removing subprocessors. The effective date and version history of this page can be found at the top.
Questions?
For questions about subprocessors or data processing, contact us at [email protected].