Subprocessor List
Last Updated: April 14, 2026
Overview
EduLibra, Inc. (“EduLibra”) uses a limited set of trusted third-party service providers (“Subprocessors”) to operate its platform. This page lists those providers, describes the categories of data each processes, and identifies the general location of processing. It is intended to support transparency, Data Processing Agreement requirements, and institutional security reviews.
This list is maintained as a current snapshot. We may update it as our vendor stack evolves. Where we have entered into a Data Processing Agreement or similar institutional agreement that requires advance notice of Subprocessor changes, we will provide that notice as contractually required. Some categories below include providers marked “TBD” where a specific vendor is reserved for future use; we update the list when those vendors are engaged.
Infrastructure and Core Platform
Provider | Purpose | Data categories | Location |
|---|---|---|---|
Amazon Web Services (AWS) | Cloud infrastructure, compute, storage, databases | All categories of data processed by the Services, including account data, Publisher Content, Subscriber usage data, and educational and assignment data | United States |
Cloudflare | CDN, edge delivery, DDoS protection, edge caching | Request metadata, IP addresses, cached content | Global edge (US primary) |
Backup / disaster recovery storage (TBD) | Secondary storage for backups and disaster recovery | Backup copies of production data | United States |
Payments
Provider | Purpose | Data categories | Location |
|---|---|---|---|
Stripe, Inc. | Payment processing, Stripe Connect for Publisher payouts, KYC, tax form issuance, chargeback handling | Payment card information, bank account information, Publisher tax identification, transaction data, identity verification data | United States |
Authentication
Provider | Purpose | Data categories | Location |
|---|---|---|---|
Google LLC | Google sign-in (OAuth) | Name, email address, account identifier (as provided by the user through OAuth) | United States |
Microsoft Corporation | Microsoft sign-in (OAuth), school single sign-on via Microsoft | Name, email address, account identifier (as provided by the user through OAuth) | United States |
Communications
Provider | Purpose | Data categories | Location |
|---|---|---|---|
Mailgun | Transactional email delivery | Email address, name, email content | United States |
Amazon SES | Transactional email delivery (AWS-native) | Email address, name, email content | United States |
Twilio | SMS and voice communications | Phone number, message content, call metadata | United States |
Marketing email platform (TBD) | Non-transactional marketing and announcement email | Email address, name, engagement metadata | United States |
Support
Provider | Purpose | Data categories | Location |
|---|---|---|---|
Help Scout | Support ticket management | Email address, name, support correspondence content | United States |
Operational Tooling
Provider | Purpose | Data categories | Location |
|---|---|---|---|
Sentry | Application error tracking and debugging | Error logs, stack traces, limited user identifiers (as present in error context) | United States |
Datadog | Infrastructure monitoring, log aggregation, observability | Application logs, request metadata, limited user identifiers (as present in logs) | United States |
Product analytics provider (TBD) | Product usage analytics | De-identified or pseudonymous usage events, device and browser metadata | United States |
Anti-abuse / fraud detection (TBD) | Detection of spam, scraping, account abuse, and similar platform misuse | IP addresses, behavioral signals, device metadata | United States |
Media
Provider | Purpose | Data categories | Location |
|---|---|---|---|
Video hosting / transcoding (TBD) | Hosting, transcoding, and delivery of video content included in Publisher Content | Video files, viewing metadata | United States |
AI and Machine Learning
Provider | Purpose | Data categories | Location |
|---|---|---|---|
AI / LLM provider (TBD) | AI-assisted features within the Services, where offered; governed by the AI commitments in the EduLibra Terms of Service and Privacy Policy | Content and prompts submitted to AI features; does not include student work or identifiable student data used for model training | United States |
Business Operations
Provider | Purpose | Data categories | Location |
|---|---|---|---|
Customer relationship management (TBD) | Sales, Publisher, and institutional contact management | Business contact information, communications history | United States |
How We Handle Subprocessor Changes
We evaluate Subprocessors for suitability before engaging them, including reviewing their security, privacy, and data-handling practices. Each Subprocessor is contractually required to process personal data only for purposes consistent with our Privacy Policy and any applicable institutional agreements.
When we add or replace a Subprocessor, we update this list. Where an Institutional Agreement with a school, district, or other institution requires specific advance notice of Subprocessor changes, we provide that notice as contractually required. Institutional Subscribers with questions about a specific proposed change may contact privacy@edulibra.com.
A Note on What Is Not Listed
This list covers third-party Subprocessors that handle personal data on our behalf as part of operating the Services. It does not list:
software tools used only internally by EduLibra staff that do not receive user personal data (for example, internal productivity tools where no user data is processed);
services the user has chosen to connect on their own, which are governed by the user’s direct relationship with those services;
Publishers, schools, institutions, or other parties who are themselves Subscribers or counterparties rather than Subprocessors.
Contact
Questions about this list may be directed to:
EduLibra, Inc.
455 Market St Ste 1940 PMB 703322
San Francisco, CA 94105-2448