Legal

Sub-processors

Effective 18 May 2026. The vendors below are authorised sub-processors for Dina Holdings LLC. Each has been vetted for security posture, data handling practices, and contractual coverage.

VendorPurposeData categoryHosting region
VercelEdge hosting and CDNSite content, IP-derived analyticsGlobal edge, US primary
SupabasePostgres database, file storage, authenticationCustomer data, account credentialsUnited States
ClerkAuthentication and user managementAccount credentials, session metadataUnited States
StripePayment processing and billingBilling details, transactional recordsUnited States
AnthropicClaude API for AI workflowsPrompt content as authorised by the ControllerUnited States
InngestDurable background job executionJob payloads, transient processing dataUnited States
Google WorkspaceEmail, calendar, document storage for operationsOperational correspondenceUnited States
CloudflareDNS, DDoS protection, edge cachingRouting metadata, IP contextGlobal edge
GitHubSource control, deployment, code reviewSource code, deployment metadataUnited States
SentryApplication error monitoringError context, anonymised user identifiersUnited States and EU regions

Notification of changes

This list is updated as we add, remove, or replace sub-processors. Material changes are posted to this page at least 14 days before they take effect. Subscribers to our customer mailing list receive a notification email. Controllers under a Data Processing Addendum may object to a proposed change in writing within the notification window.

Special-purpose sub-processors

Specific engagements may use additional sub-processors, named in the engagement letter or order form for that engagement. Special-purpose sub-processors do not appear on this list and are not authorised across the group.