About this register
Small Scale Labs AB (“Newly”) uses the providers below to operate the Services. A provider processes personal data only when its service is needed for the relevant Newly product, feature, or customer configuration, so not every provider is used for every customer.
This register forms part of the information Newly provides to customers under its Data Processing Agreement (“DPA”). It should be read together with our Privacy Policy and the customer’s applicable agreement with Newly.
Some providers may act as independent controllers for particular activities, such as payment processing. Their role and obligations for those activities are governed by the applicable provider terms and data-protection documents.
Current subprocessors
Apify Technologies s.r.o.
- Purpose
- Public social-profile discovery for influencer outreach features
- Data categories
- Search criteria and public social-profile information
Amazon Web Services, Inc. (AWS)
- Purpose
- Cloud infrastructure, object storage, and build artefact storage
- Data categories
- Customer Data, project artefacts, backups, and technical metadata
Anthropic, PBC
- Purpose
- AI model inference
- Data categories
- Prompts, selected project context, and generated outputs
Clerk, Inc.
- Purpose
- Authentication, identity, and session management
- Data categories
- Account identifiers, contact details, and session metadata
Cloudflare, Inc.
- Purpose
- Content delivery, networking, domain routing, and object storage
- Data categories
- Network identifiers, request metadata, and hosted content
Databricks, Inc.
- Purpose
- AI model serving
- Data categories
- Prompts, selected project context, and generated outputs
Features & Labels Inc. (fal)
- Purpose
- AI image, video, and media generation
- Data categories
- Prompts, uploaded reference assets, generated media, and technical metadata
Google LLC and its contracting affiliates
- Purpose
- Cloud hosting, storage, managed databases, and AI model inference
- Data categories
- Customer Data, project artefacts, technical metadata, prompts, and generated outputs
Modal Labs, Inc.
- Purpose
- Serverless compute and isolated agent execution
- Data categories
- Customer Data, project files, prompts, generated outputs, and technical logs
Neon, LLC
- Purpose
- Managed PostgreSQL database hosting
- Data categories
- Account, workspace, project, and application data stored in managed databases
OpenAI, L.L.C.
- Purpose
- AI model inference
- Data categories
- Prompts, selected project context, uploaded assets, and generated outputs
OpenRouter, Inc.
- Purpose
- AI model routing and inference
- Data categories
- Prompts, selected project context, and generated outputs
OneSignal, Inc.
- Purpose
- Push-notification provisioning, delivery, and analytics
- Data categories
- App configuration, subscriber identifiers, device tokens, and delivery analytics
PostHog, Inc.
- Purpose
- Product analytics and feature management
- Data categories
- Account identifiers, usage events, device information, and technical metadata
Plus Five Five, Inc. (Resend)
- Purpose
- Transactional and account email delivery
- Data categories
- Contact details, message content, and delivery metadata
Functional Software, Inc. (Sentry)
- Purpose
- Error monitoring and application diagnostics
- Data categories
- Error reports, device information, request metadata, and technical logs
Slack Technologies, LLC
- Purpose
- Internal support and operational notifications
- Data categories
- Account contact details, support information, billing events, and technical alerts
Specific Technologies Inc. (Specific / Specular)
- Purpose
- Hosted application backends, databases, storage, and deployment
- Data categories
- Project source, backend configuration, application data, environment variables, and logs
Stripe, Inc.
- Purpose
- Payment processing, subscription management, invoicing, and tax
- Data categories
- Account, billing, transaction, and tax information
Usable (usable.dev)
- Purpose
- Agent tools and application-service integrations
- Data categories
- Tool requests, selected project context, configuration, and tool outputs
Vercel Inc.
- Purpose
- Web application hosting, content delivery, and performance monitoring
- Data categories
- Network identifiers, request metadata, account data, and hosted content
WhiteCircle (whitecircle.ai)
- Purpose
- Prompt safety and content moderation
- Data categories
- Prompts, account and project identifiers, network identifiers, and moderation results
Customer-controlled integrations
Newly also lets customers connect third-party accounts that they select and control. In those cases, the provider generally processes data under its agreement with the customer rather than as a Newly subprocessor. Newly processes the connection credentials and sends data to the provider only as directed by the customer or as needed to provide the enabled integration.
Supabase, Inc.
- Purpose
- Customer-selected database, authentication, storage, and edge-function services
- Data categories
- OAuth credentials and data the customer or agent directs to the connected Supabase project
GitHub, Inc.
- Purpose
- Customer-selected source control and repository integration
- Data categories
- OAuth or app credentials, repository metadata, source code, and commit history
RevenueCat, Inc.
- Purpose
- Customer-selected in-app purchase and subscription management
- Data categories
- OAuth credentials, app and product configuration, and subscription metadata
Apple Inc.
- Purpose
- Customer-selected App Store Connect, build signing, and publishing
- Data categories
- Developer credentials, app metadata, build artefacts, and publishing information
Google LLC
- Purpose
- Customer-selected Google Play Console and app publishing
- Data categories
- Developer credentials, app metadata, build artefacts, and publishing information
Customers may connect additional third-party services or MCP servers. Those connections are governed by the customer’s agreement with the selected provider.
International transfers
Processing locations depend on the provider, the customer’s configuration, and the service used. Where personal data is transferred outside the EEA, UK, or Switzerland, Newly uses the transfer safeguards described in our Privacy Policy and DPA, including the EU Standard Contractual Clauses where applicable.
Changes to subprocessors
Newly may add or replace a subprocessor as its Services evolve. We will update this page and provide notice to customers with a DPA in accordance with the notice period and objection process in their agreement before a new subprocessor begins processing their personal data.
For questions about a provider, its processing location, or applicable safeguards, email [email protected].