Skip to content

Sub-processors

EgoVista — egovista.app

Last updated: 30 June 2026

See also: Privacy Policy · Contributor Terms

This page is the up-to-date, dated list of the sub-processors that process personal data on behalf of EgoVista. The Privacy Policy, the Contributor Terms of Service and the GDPR & compliance page describe these sub-processors by functional category; this page maps each category to the specific provider currently used. EgoVista may change the provider used within a category with a thirty-day prior notice published on this page; substantial changes (in particular changes affecting the country of processing) are also notified by email to registered users.

Functional categorySub-processorRole / data concernedRegion of processingTransfer safeguard
EU-region hosting and object storageCloudflare R2Video files, dataset artefactsEuropean Union (EU jurisdictional region)EU region selected; Standard Contractual Clauses as fallback
EU-region databaseSupabaseAccounts, metadata, contact-form messagesEuropean Union (Frankfurt region)EU region selected
EU-region GPU compute for segmentationRunPod, Inc.Occulted frames for hand-object segmentationNetherlands (Amsterdam region)EU region selected; Standard Contractual Clauses with operator
Action-labeling on EU-region infrastructureGoogle Cloud Vertex AIOcculted (blurred) frames for action labellingNetherlands (europe-west4)EU region selected; Google LLC certified under the EU-U.S. Data Privacy Framework, with Standard Contractual Clauses as fallback
EU-region rate limitingUpstashRate-limit counters, IP fragmentsIreland (eu-west-1)EU region selected
Transactional email providerResendEmail addresses for transactional emailsUnited StatesEU-U.S. Data Privacy Framework (provider certified since March 2025); Standard Contractual Clauses in the Data Processing Addendum as fallback
Error monitoringSentryAggregated error reports (configured to exclude personal data)United States / European UnionEU data residency option used where available; Standard Contractual Clauses
Payment providerWise BusinessPayment processing. The Contributor enters their IBAN directly into the provider’s interface; no banking data is stored by EgoVista.Available on requestBanking details handled directly by the provider; not stored by EgoVista. Transfer safeguard available on request.

International transfers — Data Privacy Framework and fallback

For sub-processors located in the United States that are certified under the EU-U.S. Data Privacy Framework, EgoVista relies on that Framework as the transfer mechanism, with Standard Contractual Clauses stipulated as an automatic fallback should the Framework cease to apply. The adequacy of the EU-U.S. Data Privacy Framework is the subject of a pending appeal before the Court of Justice of the European Union (Latombe, C-703/25 P), which is a factor of legal uncertainty; if the Framework were invalidated, EgoVista would rely on the Standard Contractual Clauses already in place and would notify registered users.

Pseudonymisation before external processing

As a matter of principle, faces are pseudonymised (visual occultation) on EgoVista-controlled infrastructure before any frame is transmitted to an external sub-processor. This blurring is a security and data-minimisation measure; the processed video remains personal data within the meaning of Article 4(1) GDPR. The detail of this step is described in the Privacy Policy.