Sub-processors
Last Updated: May 22, 2026
This page lists the third-party service providers that process Givore user data on our behalf (sub-processors under GDPR Article 28). It is the public-facing companion to our Privacy Policy §6.
We distinguish two categories: App-data processors, which receive data you generate when using the Givore app; and Marketing-channel processors, which process only public-marketing or social-media data with no connection to your Givore app account.
App-data processors
Processing of personal data that you submit to Givore (account, content, media, interactions, device telemetry) happens through these vendors.
| Sub-processor | Purpose | Data shared | Jurisdiction | DPA |
|---|---|---|---|---|
| Hostinger | VPS hosting for api.givore.com and primary database |
All personal data at rest (accounts, posts, messages, images, location) | EU (Lithuania HQ; VPS region EU) | Standard DPA |
| Cloudflare R2 | Object storage for media (avatars, post images) at cdn.givore.com |
User-uploaded images and avatars | EU (R2 EU jurisdiction) | Standard DPA |
| Cloudflare | CDN, DNS, TLS termination, WAF for all *.givore.com domains |
IP addresses, request metadata, TLS termination | Global edge | Standard DPA |
| Sentry | Error monitoring (web + API) | Stack traces, browser/OS metadata; aligned to no-PII configuration | EU (Frankfurt) | Standard DPA |
| PostHog | Product analytics | Identified events for authenticated users (user ID, event name, event properties) | EU Cloud (Frankfurt — eu.i.posthog.com) |
Standard DPA |
| Firebase / FCM / Crashlytics | Push notifications + mobile crash reports | FCM device push tokens; Crashlytics anonymised device metadata + stack traces | US (Google LLC); global data centres | Standard DPA |
| Google Analytics | Marketing-site analytics | Anonymised website usage, truncated IP, device/browser metadata | US / global | Standard DPA |
| Google OAuth | Identity provider — Sign in with Google | Email, name, profile picture, Google account ID | US | Google API Services User Data Policy (Limited Use) |
| Apple Sign-In | Identity provider — Sign in with Apple (iOS) | Apple user ID (per-app pseudonym), email (real or relay), name on first sign-in | US (Apple Inc.) | Apple Developer Agreement Schedule 2 |
| Google Gemini API | AI-assisted feature input (paid tier, no training on prompts) | User-submitted text sent as prompt input for the specific AI feature | US (Google Cloud) | Standard DPA |
Marketing-channel processors
The vendors below process data only from public marketing channels (givore.com, Givore's social-media accounts). They do not receive any personal data from your Givore app account.
| Sub-processor | Purpose | Data shared | Jurisdiction | DPA |
|---|---|---|---|---|
| Metricool | Website-traffic analytics + social-media publishing/analytics | Anonymised website traffic; OAuth-mediated data from Givore's IG/TikTok/Facebook/YouTube accounts | Spain (Madrid HQ) | Spanish RGPD-compliant terms |
| ManyChat | Inbound DM handling on Givore's Instagram, Facebook and WhatsApp accounts | Social-platform user IDs, names, profile photos, chat history of people who voluntarily message Givore on those platforms | US (San Francisco) | Standard DPA |
Changes and notification
We update this page whenever we add or remove a sub-processor. Material additions affecting how Givore-app data is processed are also reflected in our Privacy Policy §6; we will notify users in the App in such cases.
Contact
Questions about sub-processors or to request signed Data Processing Agreements: [email protected]