Trust Center
Subprocessors.
A subprocessor is a third-party service we engage to help deliver the platform and that may process customer or end-user data on our behalf. This page lists every one we use, what it does, the categories of data it processes, and where that processing happens.
Last reviewed: June 14, 2026
Current registry
Named subprocessors.
| Vendor | Purpose | Data categories | Region |
|---|---|---|---|
| Stripe | Payment processing and interpreter payouts (Stripe Connect). | Organization and interpreter name, email, payment-method details, and payout/bank information. Lingfaro does not store full card numbers or bank credentials. | United States |
| Google (Identity — OAuth SSO) | Single sign-on authentication for users who sign in with Google. | Email address, name, and Google account ID. | United States |
| Google Fonts | Delivery of the platform's web fonts. | Request metadata (IP address, user-agent) at font-load time. No account data. | United States / global CDN |
| PostHog (Cloud US) | Product analytics used to operate and improve the Service. | Product-usage events keyed to pseudonymous user IDs. Direct identifiers and any PHI are scrubbed before send. | United States |
| DigiCert | RFC-3161 trusted timestamping used to seal tamper-evident session records. | SHA-256 hashes only. No customer data, names, or session content are transmitted. | United States |
| Transactional email provider (SMTP) | Delivery of transactional email — invites, notifications, and password resets. | Recipient email address and name, plus the contents of the message being sent. | Configured per deployment |
| Managed PostgreSQL host | Primary application data store. | All application data — accounts, organizations, engagements, sessions, and billing records. | United States |
| Replit | Application hosting and deployment. | Application data processed in transit and at rest within the hosting environment. | United States |
| Expo | Mobile application framework, build, and update delivery. | App delivery and update metadata. On-device location, captured only with consent, is sent to Lingfaro's own API — not to Expo. | United States |
Stripe
- Purpose
- Payment processing and interpreter payouts (Stripe Connect).
- Data categories
- Organization and interpreter name, email, payment-method details, and payout/bank information. Lingfaro does not store full card numbers or bank credentials.
- Region
- United States
Google (Identity — OAuth SSO)
- Purpose
- Single sign-on authentication for users who sign in with Google.
- Data categories
- Email address, name, and Google account ID.
- Region
- United States
Google Fonts
- Purpose
- Delivery of the platform's web fonts.
- Data categories
- Request metadata (IP address, user-agent) at font-load time. No account data.
- Region
- United States / global CDN
PostHog (Cloud US)
- Purpose
- Product analytics used to operate and improve the Service.
- Data categories
- Product-usage events keyed to pseudonymous user IDs. Direct identifiers and any PHI are scrubbed before send.
- Region
- United States
DigiCert
- Purpose
- RFC-3161 trusted timestamping used to seal tamper-evident session records.
- Data categories
- SHA-256 hashes only. No customer data, names, or session content are transmitted.
- Region
- United States
Transactional email provider (SMTP)
- Purpose
- Delivery of transactional email — invites, notifications, and password resets.
- Data categories
- Recipient email address and name, plus the contents of the message being sent.
- Region
- Configured per deployment
Managed PostgreSQL host
- Purpose
- Primary application data store.
- Data categories
- All application data — accounts, organizations, engagements, sessions, and billing records.
- Region
- United States
Replit
- Purpose
- Application hosting and deployment.
- Data categories
- Application data processed in transit and at rest within the hosting environment.
- Region
- United States
Expo
- Purpose
- Mobile application framework, build, and update delivery.
- Data categories
- App delivery and update metadata. On-device location, captured only with consent, is sent to Lingfaro's own API — not to Expo.
- Region
- United States
How changes are communicated
Keeping this list current.
We review this registry regularly and update it whenever we add, remove, or replace a subprocessor. The date at the top reflects the most recent review.
For clients with an active Data Processing Addendum or Business Associate Agreement, material additions are communicated as that agreement provides, so your compliance team can assess any new vendor before it begins processing data.
Questions about a specific subprocessor, or a request to be notified of future changes, can be sent through our contact page .
Reviewing us for procurement?
Our Trust Center consolidates security, privacy, compliance, and the documentation we provide on request.