1.About this list
To deliver the qPipe Service, Qvalento Solutions AB engages a small number of third-party providers (“sub-processors”) that may process personal data on behalf of our customers. Each sub-processor is bound by a data protection agreement imposing obligations no less protective than those in our Data Processing Agreement, and we remain fully responsible to our customers for their performance.
This page is the current, authoritative list referenced by DPA Section 7.
2.Current sub-processors
| Sub-processor | Purpose | Processing location | Transfer safeguard |
|---|---|---|---|
| Supabase Supabase, Inc. (USA) | Managed PostgreSQL database and file storage for application data, configurations, and encrypted credentials | European Union (eu-north-1, Stockholm) | Data processing agreement; SCCs where applicable |
| Clerk Clerk, Inc. (USA) | Identity and authentication: sign-in (email/password, Google OAuth, passkeys/MFA) and user account management | USA | SCCs / EU–US Data Privacy Framework |
| Vercel Vercel Inc. (USA) | Hosting for the qPipe web application and server-side API routes | EU (arn1, Stockholm) for server-side compute; static delivery via global edge network | Vercel Data Processing Addendum; SCCs where applicable |
| Google Cloud Google Cloud EMEA Limited (Ireland) | Cloud infrastructure for pipeline compute (Cloud Run), container builds, and job scheduling (Cloud Scheduler). Pipeline Data passes through during a job only and is not stored | EU (europe-west1, Belgium) | Google Cloud Data Processing Addendum; SCCs where applicable |
| Brevo Brevo SAS (France) | Transactional email delivery: credential health alerts and pipeline failure digests | EU (France) | Data processing agreement; EU-based processing |
3.What is not a sub-processor
The Source Platforms you connect (such as Google Ads, Meta Ads, or your CRM) and the Destinations you designate (such as your BigQuery, ClickHouse, or PostgreSQL warehouse) are not sub-processors of Qvalento. You choose and control those services under your own agreements with their providers, and qPipe accesses them solely on your instruction, using the credentials you provide.
This means new source and destination integrations added to the qPipe catalog never change this list.
4.Changes and notifications
We will update this page — and notify customers through the Service or by email — at least 30 days before adding or replacing a sub-processor that processes personal data contained in Customer Data. Customers may object on reasonable, documented data protection grounds within the notice period, as set out in DPA Section 7.
Questions about this list can be sent to consent@qpipe.io.