The list below covers every external service that handles customer-controlled personal data. Services we use for our own internal operations (analytics, observability, internal documentation) and that never see customer data are not listed.

| Sub-processor | Purpose | Jurisdiction | Transfer mechanism |
|---|---|---|---|
| OVH SAS | Hosting — application servers and primary MongoDB | France (EU) | Intra-EU, no transfer mechanism required |
| Fly.io, Inc. | Per-pull-request analysis sandbox (Fly Machines / Firecracker microVMs) | United States, with EU regions available | Standard Contractual Clauses (EU 2021/914), EU regions used by default |
| Fireworks AI, Inc. | Large language model inference for review generation | United States | Standard Contractual Clauses + Data Processing Addendum; zero retention, no training on customer prompts |
| Stripe Payments Europe, Ltd. | Payment processing, invoicing, customer billing portal | Ireland (EU) and United States | EU contracting entity for EU customers; Standard Contractual Clauses for any onward US transfer |
| Cloudflare, Inc. | DNS, edge proxy, WAF, CDN, and R2 object storage for encrypted database backups | United States, EU points of presence | Standard Contractual Clauses + Data Processing Addendum; EU jurisdiction R2 buckets |
| GitHub, Inc. | OAuth identity, GitHub App, pull-request and repository metadata sourced via webhook | United States | Standard Contractual Clauses; GitHub is the customer's primary code-hosting provider |
| Google LLC | OAuth identity (Sign in with Google) | United States, with EU presence | Standard Contractual Clauses; only invoked when a user explicitly selects Google sign-in |

What we never send out
Customer source code is never persisted in any third-party database. It lives in the Fly Machine's volatile memory for the duration of an analysis and is destroyed when the VM is torn down. Prompts to Fireworks include only the diff hunks and the structural metadata the model needs; Fireworks commits contractually to zero retention and no training on customer prompts.
Notice of changes
We will email organisation owners at least 30 days before adding a new sub-processor or replacing an existing one. Subscribe to changes by mailing privacy@acuvis.dev with the subject "sub-processor updates". The list on this page is the authoritative source — if a customer needs a point-in-time copy for their own compliance file, contact us and we will issue a signed snapshot.
Objection right
Under Art. 28(2) GDPR, you may object to a new sub-processor on reasonable grounds. If we cannot accommodate your objection within a reasonable period, you may terminate the affected service with a pro-rated refund of any pre-paid fees.