Data Processing & Sub-processors
Effective date: June 9, 2026 Last updated: June 9, 2026
This document describes how the Social application (the "Service") operated by Breakpoint Labs LLC ("Breakpoint Labs") processes personal data and lists the third-party sub-processors that help us deliver it. It supplements the Privacy Policy and the Data Rights Addendum.
1. Processing roles
- For your account and profile data, Breakpoint Labs is the controller.
- For conversation content that includes other people's personal data, you are the
controller and Breakpoint Labs acts as a processor on your behalf, processing it only to provide the Service and per your instructions.
- Our sub-processors act as processors (or, in some cases such as payments, as
independent controllers for their own compliance purposes).
2. Categories of data processed
Account identifiers; authentication data; profile and settings; conversation content (audio, transcripts, narrated accounts, context notes); contact/speaker records; coach chat messages; AI-generated outputs; usage and billing metadata; device and log data.
3. Current sub-processors
Keep this table current. Notify users of material changes per the Privacy Policy. Confirm each vendor's data-processing terms and the region(s) where they process data.
| Sub-processor | Function | Data processed | Region(s) |
|---|---|---|---|
| Anthropic (Claude API) | AI analysis, replays, briefings, chat, portrait | Transcripts/narratives, context, generated outputs | USA |
| Deepgram | Audio transcription + diarization | Audio recordings/uploads, resulting transcripts | USA |
| Stripe | Payments, subscriptions, customer portal | Billing identifiers, payment metadata, email | USA / Global |
| Resend | Transactional email (magic links) | Email address, message content | USA |
| Render | Application hosting + database storage | All data stored by the Service | USA |
| Google (OAuth) — *when enabled* | Sign-in with Google | Email, basic profile, auth tokens | Global |
4. Safeguards
- We enter into data-processing agreements (DPAs) with sub-processors where required.
- We limit sub-processors to the data they need for their function.
- For transfers out of the EEA/UK, we rely on appropriate safeguards (e.g., EU Standard
Contractual Clauses).
- We do not permit sub-processors to use your conversation content to train their
general models, consistent with our agreements and the Privacy Policy.
5. New sub-processors
If we engage a new sub-processor that processes personal data, we will update this list and provide notice where required, giving controllers an opportunity to object where the law or a contract requires it.
6. Security measures (summary)
Encryption in transit; hashed passwords; scoped, expiring authentication tokens; access controls; least-privilege vendor scoping; environment-variable secret management. See the Privacy Policy, Section 12.
Contact: Breakpoint Labs LLC · Privacy: mycoach.social_privacy@breakpointlabs.space