Subprocessors

Skillvora maintains a public list of subprocessors. We notify institutional customers of material changes at least 30 days before a new subprocessor begins processing customer data, giving customers a reasonable window to object as defined in our DPA.

Current subprocessors:

• Supabase / AWS (US) — primary database, authentication, file storage, edge compute. Data: all customer and end-user data.

• Stripe (US) — payment processing for individual and department subscriptions. Data: billing contact, payment method tokens. No card numbers stored by Skillvora.

• Resend (US) — transactional email delivery. Data: recipient email, message content.

• Google (US) — AI model inference via the Gemini API for simulation generation and runtime. Data: scenario content and turn-level transcript. Configured to disallow training on customer prompts.

• OpenAI (US) — AI model inference for selected authoring features. Data: scenario content. Configured under zero-data-retention terms where available.

• Cloudflare (Global) — CDN, DDoS protection, bot management. Data: request metadata, IP addresses.

Last updated: May 9, 2026. To subscribe to subprocessor change notifications, email security@skillvora.io.