Sub-processors
Last updated: 2026-05-13
GovLens, operated by Trelvio Technology OU, uses the following sub-processors to provide its services. Each sub-processor is bound by a data processing agreement compliant with GDPR Article 28. For details, see our Data Processing Addendum and Privacy Policy.
We will give at least 30 days’ prior notice before adding or replacing a sub-processor. If you have questions, contact privacy@trelvio.eu.
| Sub-processor | Purpose | Data processed | Location | DPA |
|---|---|---|---|---|
| Railway Corp. | Application hosting, PostgreSQL database, Redis cache | All application data (encrypted at rest) | EU | View |
| Stripe Payments Europe Ltd. | Payment processing, subscription billing | Stripe customer ID, subscription data | EU / US (SCCs) | View |
| Cloudflare, Inc. | CDN, DNS, WAF, bot mitigation (Turnstile) | Request metadata, IP addresses | Global (EU primary) | View |
| PostHog, Inc. | Product analytics (consent-gated) | Anonymous usage events, session data | EU (eu.posthog.com) | View |
| Functional Software, Inc. (Sentry) | Error monitoring and exception tracking | Error stack traces (sensitive headers stripped) | EU | View |
| Plus Five Five, Inc. (Resend) | Transactional email delivery | Email addresses (for delivery only) | EU / US (SCCs, DPF certified) | View |
| Google LLC | OAuth authentication (Google Sign-In) | OAuth tokens, basic profile info | EU / US (SCCs) | View |
| Microsoft Corporation | OAuth authentication (Entra ID) | OAuth tokens, basic profile info | EU / US (SCCs) | View |
| GitHub, Inc. | Source code hosting, CI/CD pipeline | Code, deployment artifacts, backup archives | US (SCCs) | View |
| OpenRouter (Crusoe Energy Systems) | LLM inference for legislative document analysis (fallback) | Public legislative document text only (no user PII) | EU / US (ZDR available) | View |
| Ollama, Inc. | LLM inference for legislative document analysis (primary) | Public legislative document text only (no user PII) | Cloud (no data retention) | View |