Sub-processors
Last updated: April 27, 2026
Designless ("we", "us", or "our") engages the third parties listed below to deliver the Designless platform. Under our Privacy Policy and any applicable Data Processing Addendum, these vendors are sub-processors that may access or store personal data on our behalf, subject to written contractual obligations consistent with Article 28 of the GDPR.
This page is the authoritative current list. We update it as our infrastructure changes. The "Last updated" date above reflects the latest revision.
1. Current sub-processors
1.1 Infrastructure
| Vendor | Purpose | Region | Privacy |
|---|---|---|---|
| Supabase | Database and platform infrastructure | Australia (Sydney) | Policy |
| Vercel | Web hosting and content delivery | United States, global edge | Policy |
| GitHub | Source code hosting and build pipeline | United States | Policy |
1.2 Authentication and identity
| Vendor | Purpose | Region | Privacy |
|---|---|---|---|
| Optional single sign-on | United States, global | Policy |
1.3 AI model providers
| Vendor | Purpose | Region | Privacy |
|---|---|---|---|
| Anthropic | Language model APIs for product features | United States | Policy |
| OpenAI | Language and vision model APIs for product features | United States | Policy |
1.4 Payments
| Vendor | Purpose | Region | Privacy |
|---|---|---|---|
| Polar | Subscription billing for international customers | Sweden / European Union | Policy |
| Razorpay | Subscription billing for India-region customers | India | Policy |
| Svix | Webhook signature verification | United States | Policy |
1.5 Email
| Vendor | Purpose | Region | Privacy |
|---|---|---|---|
| Resend | Transactional email delivery | United States | Policy |
1.6 Analytics
| Vendor | Purpose | Region | Privacy |
|---|---|---|---|
| Vercel Analytics | Aggregate usage analytics | United States | Policy |
| Vercel Speed Insights | Performance monitoring | United States | Policy |
2. Notification of changes
We will update this page when we add, replace, or remove a sub-processor. For customers on Enterprise plans, we will provide reasonable advance notice (at least 30 days) before adding a new sub-processor that processes personal data. Customers may object on reasonable grounds within that window.
3. International transfers
Some of the sub-processors above are located outside your country of residence. Where personal data is transferred from the European Economic Area, the United Kingdom, or Switzerland to a third country that has not received an adequacy decision, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses, where required.
4. Contact
For questions about this list or to request a copy of relevant Standard Contractual Clauses, contact privacy@designless.io.
For data protection inquiries in the EU, you may also contact our Data Protection Officer at dpo@designless.io.