Subprocessors
This page lists all third-party service providers ("sub-processors") that process personal data on behalf of Korely under the meaning of Article 28 of the General Data Protection Regulation (GDPR). It is published here for transparency and is updated whenever a sub-processor is added, removed, or materially changed.
Korely is operated by Massimiliano Martella (currently natural person; will transfer to Korely SRL upon incorporation), based in Italy. Privacy contact: privacy@korely.ai.
Sub-processors in active use
| Provider | Purpose | Region | DPA / Privacy Policy |
|---|---|---|---|
| Google Gemini (Google LLC / Google Ireland Ltd) | LLM core: uploaded audio/video transcription, embeddings, AI chat, summaries, entity extraction | United States (EU SCC + adequacy) | DPA · Privacy |
| Deepgram (Deepgram, Inc.) | Real-time speech-to-text transcription (live in-app recordings) | European Union (api.eu.deepgram.com endpoint) |
DPA · Privacy |
| Render (Render Services, Inc.) | Application hosting: backend, frontend, PostgreSQL, cron jobs | European Union (Frankfurt) | DPA · Privacy |
| Cloudflare R2 (Cloudflare, Inc.) | Object storage: audio files, database backups, immutable legal archives | European Union | DPA · Privacy |
| Firebase Auth + FCM (Google LLC) | Authentication, magic-link login, push notifications | United States (EU SCC + adequacy) | DPA · Privacy |
| Stripe (Stripe Payments Europe Ltd. for EU; Stripe, Inc. fallback) | Payment processing, subscription management, billing | EU + US | DPA · Privacy |
| Resend (Resend, Inc.) | Transactional email: magic-link, verification, password reset | United States | DPA · Privacy |
| Loops (Loops, Inc.) | Waitlist contact storage and product-update emails to opted-in leads (email + signup timestamp + consent record) | United States (EU SCC) | DPA · Privacy |
| Sentry (Functional Software, Inc.) | Error tracking and observability (PII off, no session replays) | European Union (Germany) | DPA · Privacy |
| Microsoft Graph (Microsoft Corporation / Microsoft Ireland) | Outlook calendar integration (optional, OAuth2 user opt-in) | EU/US per tenant | DPA · Privacy |
| Google Calendar API (Google LLC) | Google Calendar integration (optional, OAuth2 user opt-in) | United States (EU SCC) | DPA · Privacy |
| Telegram Bot API (Telegram FZ-LLC, Dubai) | Voice and text ingestion via @KorelyBot (optional, user opt-in) | Telegram global infrastructure | Privacy · Bot API ToS |
| Cloudflare Pages Analytics (Cloudflare, Inc.) | Server-side, cookieless audience measurement for the public website (aggregated page views, referrers, country-level geolocation, browser/OS share). No client-side snippet, no cookies, no user-level profiling. Enabled automatically as part of the Cloudflare Pages deployment. | Cloudflare global edge network | DPA · Privacy · Docs |
Services we explicitly do NOT use
For full transparency, the following services are commonly assumed to be in use by modern web applications but are not used by Korely:
- Google Tag Manager, Google Analytics — replaced by Cloudflare Pages Analytics (server-side, cookieless)
- Meta Pixel, Facebook ads — none
- Hotjar, FullStory, LogRocket, Mouseflow — no session replay tools
- Mailchimp, ActiveCampaign, ConvertKit — no marketing email lists
- Intercom, Crisp, Drift, Zendesk — no third-party live chat or ticketing
- Anthropic Claude API direct — not used by Korely's core (Korely is exposed as an MCP server but does not consume Claude as an LLM provider)
- OpenAI API direct — not used by Korely user-facing services
Notification of changes
We will update this page whenever a sub-processor is added, removed, or materially changed (region, purpose, retention). Material changes affecting your personal data will also be reflected in our Privacy Policy with a new effective date.
For enterprise customers requiring formal notification, please contact us at privacy@korely.ai to subscribe to our sub-processor change notifications.
Contact
For privacy questions or to exercise your rights under GDPR (access, deletion, rectification, portability, objection): privacy@korely.ai.
Data Controller: Massimiliano Martella, Via della Bastia, 40033 Casalecchio di Reno (BO), Italy. Will transfer to Korely SRL upon incorporation.
A more comprehensive Data Processing Addendum is available to enterprise customers on request. The internal record of processing activities (RoPA) and Data Protection Impact Assessments (DPIAs) are maintained per Articles 30 and 35 GDPR and may be shared with supervisory authorities or under NDA.