We use third-party companies to run Skylina. Here's who, what they do, and why. All are contractually bound to protect your data. We review them annually.
Skylina uses the following third-party service providers ("sub-processors") to process your personal data. All sub-processors are contractually bound to data protection obligations consistent with GDPR Article 28.
| Provider | Purpose | Data Shared | Legal Basis |
|---|---|---|---|
| Polsia | Platform infrastructure, orchestration | Account data, generation data | Data Processing Agreement |
| Anthropic | AI code generation (Claude API) | User prompts (processed, not retained long-term per Anthropic policy) | Data Processing Agreement |
| Sapiom (Polsia) | AI image generation | User prompts for image generation | Data Processing Agreement |
| Neon (Supabase) | PostgreSQL database hosting | All structured user data | DPA, SOC 2 Type II |
| Stripe | Payment processing | Payment card data (tokenized, not stored by Skylina) | Payment Services Agreement |
| Render | Cloud hosting and deployment | Application data, logs | Data Processing Agreement |
| Cloudflare | CDN, DDoS protection, DNS | IP addresses, request metadata | Data Processing Agreement |
We conduct annual reviews of all sub-processors, collecting updated SOC 2 reports, security questionnaires, and compliance documentation. Last review: June 2026. Next scheduled review: June 2027.
We will notify you via email at least 30 days before adding a new sub-processor or changing how data is processed by existing sub-processors.
Questions about sub-processors: privacy@skylina.polsia.app