Weblyzo

Sub-processors

Last updated: April 9, 2026 路 We will notify all customers by email at least 30 days before adding or changing a sub-processor, as described in our Data Processing Agreement.

Google Cloud / Firebase

europe-north1 (European Union (europe-north1))
Purpose
Database (Firestore), authentication, hosting infrastructure
Data processed
All analytics events, user accounts, reports, site configurations

Anthropic

United States (with SCCs)
Purpose
AI-powered analysis and insights generation (Claude API)
Data processed
Aggregated, non-identifying website metrics (scores, page counts, performance data). No visitor PII is sent.
Important note
Does not use API data for model training by default. Data retained per session only.

Browserless.io

United States (with SCCs)
Purpose
Headless browser rendering for website analysis
Data processed
Public website URLs submitted for analysis

Resend

United States (with SCCs)
Purpose
Transactional email delivery (reports, notifications)
Data processed
Customer email addresses, email content (reports, digests)

Stripe

United States / Ireland (with SCCs)
Purpose
Payment processing and subscription management
Data processed
Customer email, subscription status, payment metadata. Stripe handles all card data directly.

Upstash

EU (Frankfurt)
Purpose
Rate limiting and caching (Redis)
Data processed
Request counts, rate limit keys (hashed identifiers). No PII.

OpenPageRank API

United States
Purpose
Domain authority scores for competitive analysis
Data processed
Public domain names only
Important note
Only public domain names are sent. No customer or visitor data.

Questions?

If you have questions about our sub-processors or wish to object to a change, contact us at privacy@weblyzo.com.