Legal
Authorised sub-processors
Effective 15 June 2026. The third parties Cyntech engages to deliver its services. Existing customers receive at least 30 days' written notice of any addition or replacement, with the right to object.
| Sub-processor | Purpose | Location | Transfer mechanism |
|---|---|---|---|
| Supabase (managed Postgres, Auth, Storage) | Primary application database, authentication, file storage | EU (Ireland) / customer-elected region | EU SCCs 2021 Module 2 + UK Addendum B.1.0 |
| Cloudflare | Edge compute, DNS, DDoS mitigation, TLS termination, WAF | Global edge | EU SCCs 2021 Module 2 + UK Addendum B.1.0 |
| Resend | Transactional email delivery (invites, password resets, notifications) | United States / EU | EU SCCs 2021 Module 2 + UK Addendum B.1.0 |
| Lovable Cloud | Application hosting and deployment pipeline | Global edge | EU SCCs 2021 Module 2 + UK Addendum B.1.0 |
| Stripe (where billing is enabled) | Card payment processing for subscription billing | United States / EU / UK | EU SCCs 2021 Module 2 + UK Addendum + PCI DSS Level 1 |
Change notifications
To be notified when this list changes, email privacy@cyntech.co.za. Material additions are also announced on this page with a "last reviewed" date update.
Last reviewed: 15 June 2026. For the full processor / sub-processor relationship, see our Privacy Policy and Data Processing Agreement template.