Subprocessors

Last updated: 12 June 2026

Äng uses the third-party service providers (subprocessors) listed below to provide the Service. Each provider processes personal data only to the extent needed for the stated purpose, under a data processing agreement with us.

We update this page when we add, replace, or remove a subprocessor. If you have an active Data Processing Agreement with us and want to be notified of changes, contact us at privacy@ang.studio.

Supabase

  • Purpose: Database, authentication, and file storage
  • Data processed: Account data (email, user ID), boards, images, files, and other user content
  • Location / transfer safeguard: EU

Vercel

  • Purpose: Application hosting, edge network, bot protection, and cookie-free web analytics (analytics only after consent)
  • Data processed: Technical request data (IP address, request logs), usage events
  • Location / transfer safeguard: Global edge network — EU–US Data Privacy Framework / SCCs

Google

  • Purpose: Sign-in (Google OAuth) and Gemini AI image generation
  • Data processed: Login identifiers; prompts, images, and files you submit to AI features
  • Location / transfer safeguard: EU/US — EU–US Data Privacy Framework / SCCs

OpenAI

  • Purpose: Realtime voice transcription (only when you use voice input)
  • Data processed: Audio snippets and resulting transcripts
  • Location / transfer safeguard: US — EU–US Data Privacy Framework / SCCs

fal.ai

  • Purpose: 3D model generation (only when you use image-to-3D)
  • Data processed: Images you submit for 3D generation
  • Location / transfer safeguard: US — SCCs

Sentry

  • Purpose: Error monitoring and crash reporting
  • Data processed: User ID, email, device and error context (replays masked, PII scrubbed)
  • Location / transfer safeguard: EU (Frankfurt)

PostHog

  • Purpose: Product analytics (only after you consent to analytics)
  • Data processed: User ID (UUID only — never email or name), feature-usage events
  • Location / transfer safeguard: EU (Frankfurt)

Upstash

  • Purpose: Rate limiting and background job queue
  • Data processed: User identifiers, request counters, transient job metadata
  • Location / transfer safeguard: Per deployment region — SCCs where applicable

Resend

  • Purpose: Transactional email (sign-in links, invites)
  • Data processed: Email address, message content and delivery metadata
  • Location / transfer safeguard: US — EU–US Data Privacy Framework / SCCs

Notion

  • Purpose: Internal management of in-app feedback (only when you submit feedback)
  • Data processed: Feedback message, your email address
  • Location / transfer safeguard: US — EU–US Data Privacy Framework / SCCs

Content delivery (no user content)

Some on-device features (such as background removal) download machine-learning model files from the jsDelivr and Hugging Face content delivery networks. Your browser's IP address is visible to these CDNs when fetching the files, but no user content or account data is sent to them.

See our Privacy Policy for how we handle personal data, our Data Processing Agreement for business customers, and our Cookie Policy for cookies and similar technologies.

← Back to sign in