ScaleApp

📄 Sub-Processor List

Last updated: December 2025

This page identifies the third-party service providers ("Sub-Processors") that Scaleapp Education AB ("Scaleapp," "we," "our," or "us") engages to support the delivery of the Scaleapp Learning Management System ("Service").

Each Sub-Processor may have access to limited personal data only as necessary to perform the services we contract them for. We require all Sub-Processors to adhere to strict confidentiality, data protection, and security standards in accordance with our Data Processing Agreement (DPA) and applicable law.

1. Current Sub-Processors

Below is the list of Sub-Processors used by Scaleapp to operate, support, and maintain the Service.

1.1 Supabase

Purpose: Database hosting, storage, authentication

Services Provided: Managed PostgreSQL, auth, secure storage, API infrastructure

Data Processed: Account data, course data, usage data (as required for platform operation)

1.2 Vercel

Purpose: Web hosting and application delivery

Services Provided: Frontend hosting, serverless runtimes, CDN delivery

Data Processed: Request metadata (e.g., IP address), logs required for content delivery

1.3 Cloudflare

Purpose: Security and performance optimization

Services Provided: DDoS protection, caching, CDN, WAF (Web Application Firewall)

Data Processed: IP-based request metadata for security and traffic routing

1.4 Resend

Purpose: Transactional email delivery

Services Provided: Sending account-related emails, notifications, password recovery

Data Processed: Email addresses, message metadata, notification content

1.5 Sentry

Purpose: Error monitoring and performance diagnostics

Services Provided: Application error tracking and performance analytics

Data Processed: Error/stack traces, device/browser metadata, anonymized diagnostic data (No Customer Content or LMS learning material is intentionally sent.)

1.6 GitHub

Purpose: Code hosting and development collaboration

Services Provided: Source code repository, CI/CD pipelines

Data Processed: No customer personal data (Used only for internal development workflows.)

2. Sub-Processor Safeguards

Scaleapp requires all Sub-Processors to:

  • Comply with applicable privacy regulations (including GDPR where relevant)
  • Maintain reasonable and appropriate security measures
  • Process personal data only under documented instructions
  • Provide confidentiality agreements for all personnel with access
  • Notify Scaleapp of any suspected data breach or security incident
  • Support Scaleapp in fulfilling customer data rights requests

3. Data Transfers

Some Sub-Processors may process data outside of the customer's region. Where required, Scaleapp ensures adequate data protection through:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Additional contractual and technical safeguards

Scaleapp does not permit Sub-Processors to use data for advertising or unrelated purposes.

4. Changes to Sub-Processors

Scaleapp may update this list as we add or change service providers. For Customers with a Data Processing Agreement (DPA), we will provide notice of material changes as required.

5. Contact Us

If you have questions about our Sub-Processor practices, contact us at:

📧 Privacy: privacy@joinscaleapp.com

📧 Security: security@joinscaleapp.com

Scaleapp Education AB

Sweden