Legal

Subprocessors

Last updated: July 9, 2026

This page lists the subprocessors Glassline uses to provide the Glassline photo gallery service where they process Customer Personal Data on our behalf. Payment and invoicing providers, such as Polar.sh, are described in the Privacy Policy because they process billing and subscription data for Glassline's controller activities.

Current Subprocessors

SubprocessorPurposeData involvedLocationTransfer mechanism
SupabaseAuthentication and database servicesAccount identifiers, gallery metadata, access recordsSelected EU project regionSigned Supabase DPA and SCCs for non-EEA processing
Amazon Web ServicesPhoto and file storageUploaded photos, files, image metadataEU regionAWS DPA and SCCs for non-EEA processing
Amazon CloudFrontGlobal image deliveryImage requests, IP address, user agent, requested file pathGlobal edge networkAWS DPA, SCCs, and supplementary measures
VercelWebsite and app hostingRequest metadata and application runtime dataUnited States/globalVercel DPA and SCCs where applicable
PostHogAnalytics, feedback, error diagnostics, performance monitoringUsage events, diagnostic data, feedback, technical contextEU data centerPostHog DPA and SCCs where applicable
ResendTransactional and service emailsEmail address, message metadata, service-email contentUnited StatesResend DPA, SCCs, and supplementary measures

Changes

Glassline provides at least 30 days' prior notice before adding or replacing a subprocessor that processes Customer Personal Data. Customers may object on reasonable data protection grounds as described in the Data Processing Agreement.