Subprocessors

Third-party providers that may process personal data on behalf of Small Scale Labs AB when delivering Newly.

Last updated
July 16, 2026
Privacy contact
[email protected]

About this register

Small Scale Labs AB (“Newly”) uses the providers below to operate the Services. A provider processes personal data only when its service is needed for the relevant Newly product, feature, or customer configuration, so not every provider is used for every customer.

This register forms part of the information Newly provides to customers under its Data Processing Agreement (“DPA”). It should be read together with our Privacy Policy and the customer’s applicable agreement with Newly.

Some providers may act as independent controllers for particular activities, such as payment processing. Their role and obligations for those activities are governed by the applicable provider terms and data-protection documents.

Current subprocessors

Apify Technologies s.r.o.

Purpose
Public social-profile discovery for influencer outreach features
Data categories
Search criteria and public social-profile information

Amazon Web Services, Inc. (AWS)

Purpose
Cloud infrastructure, object storage, and build artefact storage
Data categories
Customer Data, project artefacts, backups, and technical metadata

Anthropic, PBC

Purpose
AI model inference
Data categories
Prompts, selected project context, and generated outputs

Clerk, Inc.

Purpose
Authentication, identity, and session management
Data categories
Account identifiers, contact details, and session metadata

Cloudflare, Inc.

Purpose
Content delivery, networking, domain routing, and object storage
Data categories
Network identifiers, request metadata, and hosted content

Databricks, Inc.

Purpose
AI model serving
Data categories
Prompts, selected project context, and generated outputs

Features & Labels Inc. (fal)

Purpose
AI image, video, and media generation
Data categories
Prompts, uploaded reference assets, generated media, and technical metadata

Google LLC and its contracting affiliates

Purpose
Cloud hosting, storage, managed databases, and AI model inference
Data categories
Customer Data, project artefacts, technical metadata, prompts, and generated outputs

Modal Labs, Inc.

Purpose
Serverless compute and isolated agent execution
Data categories
Customer Data, project files, prompts, generated outputs, and technical logs

Neon, LLC

Purpose
Managed PostgreSQL database hosting
Data categories
Account, workspace, project, and application data stored in managed databases

OpenAI, L.L.C.

Purpose
AI model inference
Data categories
Prompts, selected project context, uploaded assets, and generated outputs

OpenRouter, Inc.

Purpose
AI model routing and inference
Data categories
Prompts, selected project context, and generated outputs

OneSignal, Inc.

Purpose
Push-notification provisioning, delivery, and analytics
Data categories
App configuration, subscriber identifiers, device tokens, and delivery analytics

PostHog, Inc.

Purpose
Product analytics and feature management
Data categories
Account identifiers, usage events, device information, and technical metadata

Plus Five Five, Inc. (Resend)

Purpose
Transactional and account email delivery
Data categories
Contact details, message content, and delivery metadata

Functional Software, Inc. (Sentry)

Purpose
Error monitoring and application diagnostics
Data categories
Error reports, device information, request metadata, and technical logs

Slack Technologies, LLC

Purpose
Internal support and operational notifications
Data categories
Account contact details, support information, billing events, and technical alerts

Specific Technologies Inc. (Specific / Specular)

Purpose
Hosted application backends, databases, storage, and deployment
Data categories
Project source, backend configuration, application data, environment variables, and logs

Stripe, Inc.

Purpose
Payment processing, subscription management, invoicing, and tax
Data categories
Account, billing, transaction, and tax information

Usable (usable.dev)

Purpose
Agent tools and application-service integrations
Data categories
Tool requests, selected project context, configuration, and tool outputs

Vercel Inc.

Purpose
Web application hosting, content delivery, and performance monitoring
Data categories
Network identifiers, request metadata, account data, and hosted content

WhiteCircle (whitecircle.ai)

Purpose
Prompt safety and content moderation
Data categories
Prompts, account and project identifiers, network identifiers, and moderation results

Customer-controlled integrations

Newly also lets customers connect third-party accounts that they select and control. In those cases, the provider generally processes data under its agreement with the customer rather than as a Newly subprocessor. Newly processes the connection credentials and sends data to the provider only as directed by the customer or as needed to provide the enabled integration.

Supabase, Inc.

Purpose
Customer-selected database, authentication, storage, and edge-function services
Data categories
OAuth credentials and data the customer or agent directs to the connected Supabase project

GitHub, Inc.

Purpose
Customer-selected source control and repository integration
Data categories
OAuth or app credentials, repository metadata, source code, and commit history

RevenueCat, Inc.

Purpose
Customer-selected in-app purchase and subscription management
Data categories
OAuth credentials, app and product configuration, and subscription metadata

Apple Inc.

Purpose
Customer-selected App Store Connect, build signing, and publishing
Data categories
Developer credentials, app metadata, build artefacts, and publishing information

Google LLC

Purpose
Customer-selected Google Play Console and app publishing
Data categories
Developer credentials, app metadata, build artefacts, and publishing information

Customers may connect additional third-party services or MCP servers. Those connections are governed by the customer’s agreement with the selected provider.

International transfers

Processing locations depend on the provider, the customer’s configuration, and the service used. Where personal data is transferred outside the EEA, UK, or Switzerland, Newly uses the transfer safeguards described in our Privacy Policy and DPA, including the EU Standard Contractual Clauses where applicable.

Changes to subprocessors

Newly may add or replace a subprocessor as its Services evolve. We will update this page and provide notice to customers with a DPA in accordance with the notice period and objection process in their agreement before a new subprocessor begins processing their personal data.

For questions about a provider, its processing location, or applicable safeguards, email [email protected].