Sub‑processors
The third parties that help us run pomela, and what each one processes on our behalf. Engaged under our DPA.
| Sub‑processor | Purpose | Data it processes |
|---|---|---|
| Anthropic | The LLM that turns a prompt into an app (and powers in‑app AI features) | The creator's prompt and AI‑feature inputs. Sent server‑side; never the end‑user's stored content. |
| Cloudflare | Compute (Workers), hosting, CDN, edge security | All traffic transits Cloudflare; generated apps and APIs run on Workers. Processes request data + serves stored content. |
| Supabase | Primary database for creator apps and end‑user app data | Creator account records and End‑User Data (app_state), isolated per‑tenant by row‑level security. |
| Resend | Transactional email (sign‑in codes, alerts, per‑app email) | Recipient email addresses and message contents for emails the platform or an app sends. |
| PayPal | Pomela Pro subscriptions & credit top‑ups | The creator's billing identifiers and transaction metadata. Card data stays on PayPal. |
| Stripe (creator‑BYOK) | A processor a creator may connect to take payments in their own app | End‑user payment data flows directly to the creator's own Stripe account, pomela never touches it; we only store the creator's connection secret, encrypted. |
What pomela does NOT do
pomela is not custodial for any payment funds. When a creator sells through their app (payment‑BYOK), money moves between the end‑user and the creator's own processor; pomela is not party to it and takes no cut.
Notes
- Analytics/error telemetry the platform collects is anonymous and aggregated (see Privacy) and does not include end‑users' stored app content.
- The LLM (Anthropic) processes prompts to generate apps and to run in‑app AI; we route all AI server‑side so no LLM key ever reaches a browser.
- This list reflects the production stack at the date above. A lawyer should confirm each provider's DPA, sub‑processor terms, and data‑residency commitments.