Lexa uses trusted third-party services to provide a secure, reliable platform. This article lists all subprocessors that may handle your data.
What is a Subprocessor?
A subprocessor is a third-party service that processes personal data on our behalf. We carefully select subprocessors based on their security practices, compliance certifications, and data protection policies.
Current Subprocessors
| Service | Purpose | Data Processed | Location |
|---|---|---|---|
| Supabase | Database, authentication, file storage | User accounts, class data, worksheets, student work | Singapore / US (configurable) |
| Google Cloud (Gemini) | AI processing, knowledge base indexing | Worksheet content, student answers, feedback generation | Global (US processing) |
| Google Cloud Storage | Knowledge base file storage | Teacher-uploaded materials | Singapore |
| Vercel | Web hosting, serverless functions | Application requests, session data | Global edge network |
| Stripe | Payment processing | Teacher email, subscription status (no card numbers stored by Lexa) | US |
| CloudConvert | Document conversion | Word/PowerPoint files converted to PDF | Germany (EU) |
| Sentry | Error monitoring | Error logs, anonymized session data | US |
Data Processing Details
Supabase
- Hosts our PostgreSQL database with Row Level Security
- Manages user authentication and sessions
- Stores worksheet files and student submissions
- Security Standards: SOC 2 Type II certified platform (audited annually)
Google Cloud
- Processes AI requests via Gemini API
- Stores teacher knowledge base files in Cloud Storage
- Certification: SOC 2, ISO 27001, ISO 27017, ISO 27018
- Data Retention: API requests are not retained for training
Stripe
- Processes teacher subscription payments
- We never see or store your credit card numbers
- Stripe handles all payment data directly
- Certification: PCI DSS Level 1
CloudConvert
- Converts uploaded Word/PowerPoint files to PDF
- Files are processed and immediately deleted after conversion
- No permanent storage of your documents
- Certification: ISO 27001, GDPR compliant
Vercel
- Hosts the Lexa web application
- Processes API requests via serverless functions
- Certification: SOC 2 Type II
Sentry
- Captures application errors for debugging
- Helps us identify and fix issues quickly
- Error data is anonymized where possible
- Certification: SOC 2 Type II
Changes to Subprocessors
We may update this list as our service evolves. Significant changes that affect data processing will be communicated to users.
Questions?
If you have questions about any of our subprocessors or need additional documentation for compliance purposes, please contact us at contact@lexa.sg.