Sub‑Processors and Third‑Party Services – ONQR.AI
Last update: 9 August 2025
This list provides transparency on key processors/sub‑processors we use to deliver our services. Not all services are used for every user or feature. Where applicable, processing is limited to the minimum necessary and governed by appropriate data protection agreements and transfer safeguards (GDPR Art. 44–49).
- Infrastructure and Hosting
- Amazon Web Services (AWS): S3 (storage), CloudFront (CDN), Lambda (serverless processing incl. video conversion/HLS), DynamoDB (application data). EEA/Non‑EEA, SCCs/adequacy as applicable.
- Cloudflare: DNS, CDN, security and anti‑bot (Turnstile). EEA/Non‑EEA, SCCs/adequacy as applicable.
- Identity and Authentication
- AWS Cognito (OIDC/OAuth 2.0) and social identity providers: Apple, TikTok, Amazon, Google, Facebook, GitHub. Data received typically includes name and email for authentication.
- Payments
- Stripe (online payments) and Apple App Store / Google Play for in‑app purchases. ONQR.AI does not store full card numbers.
- Notifications
- Expo / Firebase Cloud Messaging (FCM) / Apple Push Notification service (APNs) and Web Push (VAPID) to deliver device/browser notifications. Processes device tokens and technical delivery data.
- Analytics
- Google Analytics (with IP anonymisation and Consent Mode). Activated only after user consent.
- AI Services
- OpenAI (translations, content/phrase suggestions). Inputs limited to what’s needed for the feature.
- Email and Communications
- Email delivery may be provided via AWS services or SMTP (details available upon request). Transactional emails include confirmations, notices and support responses.
Retention, purpose and legal basis are described in the Privacy Policy. We may update this list over time as services evolve. Material changes will be reflected here.