1. Direct Processors and Sub-Processors
| Direct Processor | Function | Material Sub-Processors | Processing Location | Child Data? |
|---|---|---|---|---|
| Hosting and authentication provider | Account access, database, and storage services | | United States | Yes |
| AI assistance provider | Optional tutoring and safety assistance | | United States | Yes, only as needed to provide the feature |
| AI assistance provider | Optional alternate tutoring assistance | | United States | Yes, only as needed to provide the feature |
| AI assistance provider | Optional alternate tutoring assistance | | United States | Yes, only as needed to provide the feature |
| ElevenLabs, Inc. | Audio asset pre-generation only — server-side text-to-speech rendering of Koydo-authored scripts; static audio files baked into product. No live AI traffic; no User personal data sent. | Amazon Web Services | United States | No — content tooling, not a User-data processor |
| fal.ai | AI image generation for adult-facing creative surfaces | AWS-based inference infrastructure | United States | Limited — text prompts only; under-13 access requires AI disclosure consent |
| Stripe, Inc. | Payment processing for adult subscriptions | AWS; payment-network providers (Visa, Mastercard, etc.) per Stripe's published list | United States, with global card-network routing | No — adult accounts only |
| RevenueCat, Inc. | Mobile subscription management (iOS, Android) | AWS; Apple StoreKit; Google Play Billing | United States | No — adult accounts only |
| Vercel, Inc. | Web hosting, edge runtime, web performance analytics | Amazon Web Services; Cloudflare (edge cache and DDoS protection) | United States; global edge | No — Vercel Analytics blocked by code for all users under 18 |
| Mixpanel, Inc. | Product analytics (consented or settings-toggled) | Google Cloud Platform | United States | No — Mixpanel blocked by code for all users under 18 |
| Sentry (Functional Software, Inc.) | Error monitoring and crash reporting | Google Cloud Platform | United States | Limited — error logs only; PII auto-scrubbed for child accounts |
| Google Workspace | Business email infrastructure (admin@, privacy@, legal@, etc.); Gmail API for vendor correspondence | Google LLC global infrastructure | Multi-region | Limited — admin correspondence only; no User content |
| Cloudflare, Inc. | DNS, CDN, DDoS protection, bot management | Cloudflare global edge | Global edge (no User personal data persisted) | Yes — incidental network metadata only |
| Daily.co | Real-time video for Study Rooms (peer-to-peer Focus Cam) | AWS infrastructure | United States | Limited — under-13 blocked from Focus Cam; no recordings stored |
2. Excluded / Not Used
The following providers have been evaluated and excluded for child-serving Koydo products:
| Provider | Reason for exclusion |
|---|---|
| xAI / Grok | Regulatory and content-safety risk for a child-serving platform; not used; do not re-enable |
| Meta Platforms (Facebook SDK, Pixel, etc.) | Advertising and behavioral-tracking infrastructure inconsistent with Koydo's no-advertising posture |
| TikTok Pixel / TikTok APIs | Same as above |
| Google Ads / DoubleClick | Same as above |
3. DPA Status Snapshot
| Processor | DPA Status | Last Verified |
|---|---|---|
| Supabase | Signed | 2026-04-15 |
| OpenAI | Signed (v.010126, 2026-03-19, by Robert Waltos as CEO of Koydo LLC) | 2026-04-15 |
| Anthropic | Pending — letter drafted at docs/compliance/vendor-letters/01-anthropic.md | 2026-04-15 |
| Google (Gemini) | Pending — letter drafted at docs/compliance/vendor-letters/02-google-ai.md | 2026-04-15 |
| ElevenLabs | Pending — best-practice only (no User data flows; pre-gen content tooling) | 2026-04-15 |
| Stripe | Signed | 2026-04-15 |
| RevenueCat | Signed | 2026-04-15 |
| Vercel | Signed | 2026-04-15 |
| Mixpanel | Signed | 2026-04-15 |
| Sentry | Signed | 2026-04-15 |
The full vendor-correspondence audit trail is maintained internally on Supabase project osnxbuusohdzzcrakavn, table vendor_privacy_requests, with a WORM event log and a SHA-256 body snapshot for every outbound letter (see wiki/compliance/vendor-privacy-correspondence-tracker.md for the system architecture).
Sub-processor list v2026-05-09 — Effective May 9, 2026 — koydo.app/legal/subprocessors