Service providers and subprocessors
Version 1.1 · Updated 11 June 2026 · change log
Our transparency commitments
Whenever we add, replace, or remove a provider we update this page, record the change in the change log at the bottom, and — if the change is material — notify you proactively by email and via an in-app notice.
By "material" we mean: a change of the country of processing, a change of service category, the addition of a new provider outside the EEA, replacement of the payments Merchant of Record, or replacement of the artificial intelligence provider that powers MINA.
All our providers are bound by a written agreement that obliges them to:
- process personal data solely for the purposes we have entrusted to them;
- apply adequate technical and organisational security measures;
- notify us promptly in the event of a data breach;
- not use the data for their own purposes, except for aggregate operational statistics strictly necessary for delivering the service.
Transfer safeguards — legend
- EU / EEA the provider is established in the European Economic Area and data remains within EEA jurisdiction. No additional safeguard required.
- UK the provider is established in the United Kingdom. The transfer is covered by the European Commission adequacy decision of 28 June 2021.
- DPF + SCC the provider is established in the United States of America. We apply Standard Contractual Clauses 2021/914/EU; where the provider participates in the EU-U.S. Data Privacy Framework, we additionally benefit from the adequacy decision of 10 July 2023.
List of providers
Infrastructure, hosting and CDN
| Provider | Category | Country | Transfer |
|---|---|---|---|
| Hetzner Online GmbH | Hosting of application servers, databases (MariaDB) and Redis. This is the infrastructure on which MINOMO runs. | Germany (Nuremberg / Falkenstein) | EU / EEA |
| Cloudflare, Inc. | Content Delivery Network (CDN), DNS, Anti-DDoS, Web Application Firewall (WAF), Turnstile (anti-bot verification replacing reCAPTCHA) and R2 object storage for uploaded images (bucket minomo, served via cdn.minomo.io). |
United States of America (with EEA edge presence) | DPF + SCC |
Email communications
| Provider | Category | Country | Transfer |
|---|---|---|---|
| vhosting solutions S.r.l. (vhosting cloud) | SMTP server for the transport of transactional emails (access OTPs, registration confirmations, receipts, system notifications). Endpoint: mx1.vhostingcloud.com. |
Italy (Salerno) | EU / EEA |
Push notifications
| Provider | Category | Country | Transfer |
|---|---|---|---|
| Google LLC — Firebase Cloud Messaging (FCM) | Gateway for the transport of push notifications to Android devices. MINOMO sends FCM a payload that is already end-to-end encrypted, which FCM delivers to the device without being able to read it. | United States of America | DPF + SCC |
| Apple Inc. — Apple Push Notification service (APNs) | Gateway for the transport of push notifications to iOS devices. MINOMO also interfaces with APNs via the Firebase Cloud Messaging relay. APNs likewise receives the payload already end-to-end encrypted. | United States of America (with European infrastructure) | DPF + SCC |
For the PWA (Web App) version of the service we do not use any third-party gateway: we manage the Web Push standard directly with VAPID keys signed by AVi Kairos Srl.
Artificial intelligence
| Provider | Category | Country | Transfer |
|---|---|---|---|
| Anthropic, PBC | Provider of generative AI models that power MINA, our conversational assistant. User prompts and responses pass between MINOMO and Anthropic for processing. By contract, Anthropic does not use MINOMO prompts to train its own models. | United States of America | DPF + SCC |
Payments
| Provider | Category | Country | Transfer |
|---|---|---|---|
| Paddle.com Market Ltd | Payment processor acting as Merchant of Record for MINOMO wallet top-ups. Handles EU VAT, invoicing and refunds directly. Payment credentials (card number, etc.) are processed exclusively by Paddle in accordance with PCI-DSS standards: MINOMO never sees or stores card data. | United Kingdom (London) | UK |
Social authentication ('Sign in with…')
These providers are involved only if the user chooses to sign in to MINOMO using an existing third-party identity. If you sign in via email OTP, none of these providers is involved.
| Provider | Category | Country | Transfer |
|---|---|---|---|
| Google LLC — Google OAuth | "Sign in with Google" on web, Android and iOS. We receive the user's name, verified email address and Google ID. | United States of America | DPF + SCC |
| Apple Inc. — Sign in with Apple | "Sign in with Apple". We receive a unique identifier and, optionally, an email address (which may be a private alias provided by Apple). | United States of America (with European infrastructure) | DPF + SCC |
Native app builds
| Provider | Category | Country | Transfer |
|---|---|---|---|
| Nevercode Ltd — Codemagic | Continuous integration platform for compiling, signing and distributing MINOMO's iOS and Android applications to the App Store and Google Play. Codemagic has access to the app source code, not to end-users' personal data. | Estonia | EU / EEA |
What we don't use (and why we tell you)
For explicit reference and clarity, the following third-party services — commonly found on comparable platforms — are not present on MINOMO:
- Google Analytics, Google Tag Manager;
- Meta Pixel, Facebook Conversions API;
- LinkedIn Insight Tag;
- TikTok Pixel;
- Hotjar, Mixpanel, FullStory, LogRocket or other session-replay tools;
- OneSignal, Pushwoosh or other commercial push notification providers (we manage these in-house);
- data brokers, advertising exchanges, or ad-tech of any kind;
- Stripe, PayPal or any payment processor other than Paddle.
Should we ever need to introduce any of these tools — or an equivalent — we will add it to this page in advance, explaining the rationale.
Contractual documents on request
Upon formal request you may obtain a copy of the Standard Contractual Clauses 2021/914/EU we apply to a given provider outside the EEA, the corresponding Transfer Impact Assessment (TIA), and a summary sheet of the provider's technical and organisational measures. Requests should be directed to [email protected].
Merchants operating on the MINOMO platform who entrust us with personal data processing on their behalf (typically: management of their follower list for the sending of notifications) may request a dedicated Data Processing Addendum (DPA). You will find it at /en/legal/dpa/.
Change log
| Version | Date | Change |
|---|---|---|
| 1.1 | 11 June 2026 | Removed Facebook Login (Meta Platforms, Inc.): it is no longer a supported sign-in method on MINOMO. |
| 1.0 | 15 May 2026 | First publication: full list of MINOMO providers accompanying the new Privacy Policy v3.0. |
Contact
For questions, document requests or reports relating to this page: [email protected].
For any questions about privacy, contact us at [email protected].