Approved Subprocessors
Last updated: January 30, 2026
When Refine acts as a data processor handling personal data from customers, we may engage subprocessors to help deliver our services. A subprocessor is a third-party vendor who processes personal data on our behalf. This page provides transparency about who these subprocessors are and what services they provide.
| Subprocessor | Country | Service Description | Compliance |
|---|---|---|---|
| Microsoft Azure | USA | Cloud infrastructure, hosting, database, storage, and email services | SOC 2 Type IIISO 27001GDPR |
| Clerk | USA | Authentication provider (OAuth 2.0 / OIDC) | SOC 2 Type IIGDPR (EU-U.S. DPF) |
| Stripe | USA | Payment processing | PCI-DSS Level 1SOC 2 Type IIGDPR (EU-U.S. DPF, SCCs) |
| OpenRouter | USA | LLM gateway for AI processing (no model training, optional zero data retention) | SOC 2 |
| PostHog | EU | Product analytics and feature flags | SOC 2GDPR |
| Mathpix | USA | PDF document conversion (no data retention) | SOC 2GDPR |
Changes to Subprocessors
Under Section 2.6(a) of our DPA Standard Terms, customers receive at least 10 business days prior notice of any changes to this subprocessor list.
Questions?
If you have questions about our subprocessors or data processing practices, please contact us:
Refine Technologies, Inc.
131 Continental Dr suite 305, Newark, DE 19713, USA
Email: privacy@refine.ink