Last updated June 28, 2026
Lokly relies on carefully selected sub-processors (third-party service providers) to deliver the Service. All sub-processors are bound by data processing agreements that meet GDPR, DPDPA, and other regulatory standards.
This page lists all current sub-processors. Changes are announced 30 days in advance via email to account holders.
| Provider | Purpose | Data Processed | Region |
|---|---|---|---|
| Supabase | Database, authentication, file storage | All user & business data | AWS (US, EU) |
| Google Gemini | AI-generated review replies & insights | Review text, business name | US |
| Resend | Transactional email delivery | Name, email, invoice data | US |
| Razorpay | Payment processing (India) | Billing info (tokenized) | India |
| Stripe | Payment processing (International) | Billing info (tokenized) | US, EU |
| Vercel | Web hosting & CDN | Request logs, error traces | Global edge |
| Cloudflare | CDN, DDoS protection, analytics | IP, request metadata | Global |
| PostHog | Product analytics & session replay | Usage events, feature interactions | EU (GDPR-compliant) |
| Google Analytics | Website traffic analytics | Anonymized page views, conversions | US |
Purpose: PostgreSQL database, real-time API, authentication, and file storage.
Data: All account data, business information, review data, and user-uploaded files.
Privacy: supabase.com/privacy
Purpose:Generates AI-powered review replies and audit insights. Not used to train Google’s models.
Data: Review text, business name, and optional context. Transmissions are encrypted.
Privacy: policies.google.com/privacy
Purpose: Sends transactional emails (password resets, invoices, alerts).
Data: Email address, name, invoice details.
Privacy: resend.com/privacy
Purpose: Processes payments for Indian customers (UPI, card, net banking).
Data: Billing name, email, amount (card data is tokenized and never stored by Lokly).
Privacy: razorpay.com/privacy
Purpose: Processes international credit/debit card payments.
Data: Billing name, email, amount (card data is tokenized).
Privacy: stripe.com/privacy
Purpose: Hosts the Lokly web application and serves it globally.
Data: Request logs, error traces, and performance metrics.
Privacy: vercel.com/privacy
Purpose: CDN, DDoS protection, and analytics proxy.
Data: IP address, request metadata, access logs.
Privacy: cloudflare.com/privacypolicy
Purpose: Tracks feature usage and user interactions for product improvement. GDPR-compliant with EU data residency.
Data: Feature interactions, session duration, error events (no PII by default).
Privacy: posthog.com/privacy
Purpose: Tracks website traffic and user behavior for analytics.
Data: Anonymized page views, referrer, device type (consent-based for EU).
Privacy: policies.google.com/privacy
All sub-processors are required to maintain:
For certain sub-processors, you can opt out:
Core sub-processors (Supabase, payment providers, Vercel) cannot be disabled as they are essential to the Service.
We may engage new sub-processors or replace existing ones. You will be notified by email 30 days in advance of any changes that materially affect the processing of your personal data.
You have the right to object to a new sub-processor within 30 days by emailing privacy@lokly.in. If you object, we will work with you to find an alternative solution or enable you to export your data and terminate your account.
For questions about our sub-processors, contact: