Service Providers And Subprocessors

Overview

Boba Globe uses the service providers below to operate the app, process payments, send service emails, provide route features, and protect the service. Depending on the privacy law or contract that applies, these providers may be described as service providers, processors, subprocessors, independent controllers, or recipients.

Current Providers

• Supabase: Authentication, database, storage, session handling, and row-level access control. Data involved: Account data, profile data, saved projects, thumbnails, session information, and related service metadata.Provider legal links: Privacy Policy, Data Processing Addendum, Security.
• Stripe: Checkout, payment processing, invoices, receipts, subscription status, and billing portal access. Data involved: Billing contact information, Stripe customer and subscription identifiers, invoice and receipt metadata, payment status, and subscription lifecycle events. Boba Globe does not store full card numbers.Provider legal links: Privacy Policy, Data Processing Agreement, Service Providers.
• AWS SES: Authentication emails, account notices, and subscription lifecycle emails where enabled. Data involved: Recipient email address, message content, delivery metadata, and provider tags needed to send service emails.Provider legal links: AWS Privacy Notice, AWS Data Processing Addendum, Services In Scope.
• Vercel: Application hosting, deployment, request handling, security headers, and operational logs. Data involved: Technical and security data such as request metadata, IP address, status codes, error details, and limited internal account, project, subscription, or provider event identifiers in structured operational logs.Provider legal links: Privacy Policy, Data Processing Addendum, Security And Compliance.
• Amazon CloudFront or CDN provider: Production texture delivery and any other CDN-hosted static assets configured for the app. Data involved: Technical request metadata needed to deliver and protect CDN-hosted static assets. Route object models and previews currently ship from the app's same-origin hosting path.Provider legal links: CloudFront Data Protection, AWS Privacy Notice, AWS Data Processing Addendum.
• unpkg or npm package CDN: Browser delivery of FFmpeg core JavaScript and WebAssembly assets when fallback video export is enabled and used. Data involved: Technical request metadata such as IP address, browser metadata, URL, and timing needed to deliver package assets. Project frames are encoded locally in the browser and are not sent to the package CDN for encoding.Provider legal links: unpkg, npm Privacy Notice, FFmpeg WASM.
• Flightradar24: Historical flight search and track data when you request flight-route import features. Data involved: Flight number, selected flight identifier, date range, and returned route or track information.Provider legal links: Privacy Policy, Terms of Service.
• Google Maps Platform: Places autocomplete and driving-route geometry when Google driving-route features are approved, enabled, and requested. Data involved: Search query, selected place identifiers, origin, destination, route request details, and returned route geometry.Provider legal links: Maps Platform Terms, Google Privacy Policy, Cloud Data Processing Addendum.
• Only eSIM shared Stripe account: Shared billing-account operations while Boba Globe Pro is billed through the existing Stripe account. Data involved: Stripe billing descriptors, invoices, receipts, and account-level billing metadata that may identify Only eSIM while applying to Boba Globe Pro.Provider legal links: Stripe Privacy Policy, Stripe Data Processing Agreement.

Provider Contract Review

Boba Globe reviews provider privacy terms, data-processing terms, security commitments, transfer terms, subprocessor notice processes, and retention or deletion obligations before treating a provider as approved for launch. These public links are provided for transparency, but the signed or accepted contract terms may vary by plan, account, region, and provider configuration.

International Transfer Safeguards

Providers may process information in the United States and other countries where they or their subprocessors operate. Where privacy laws require transfer safeguards, Boba Globe reviews lawful transfer mechanisms such as adequacy decisions, the EU Standard Contractual Clauses, the UK International Data Transfer Agreement or UK Addendum, provider data-processing terms, transfer-risk assessments, and supplementary technical, contractual, or organisational measures where appropriate.

Route Provider Use

Flightradar24 and Google Maps Platform are used only when you request the related flight or driving-route features and when those features are available to your account. If you do not request those features, Boba Globe does not send your route queries to those providers.

Updates

We may update this list when Boba Globe changes providers, adds a material provider, or removes a provider. Changes are reflected by the last updated date above.

Contact

Questions about service providers or subprocessors can be sent to support@bobaglobe.com.