Sub-Processors

Last updated 2026-03-05

RewriteBar uses a small number of third-party services ("sub-processors") to deliver the platform. A sub-processor is any company that processes personal data on our behalf as part of providing the RewriteBar service. This page lists all current sub-processors, what data they receive, where they process it, and the safeguards in place.

Important: OpenAI and OpenRouter listed below apply only when you use the RewriteBar Gateway / cloud provider. If you configure your own API key inside the macOS app (for example, your personal OpenAI key), requests are sent directly from your device to the selected provider and do not pass through our servers.

Supabase

United States
supabase.com

Purpose

Database, authentication, and file storage

Data processed

Account data, affiliate data, click and conversion records, commission records, email logs

Notes

Managed PostgreSQL on AWS with row-level security and encryption at rest.

Vercel

United States (global edge network)
vercel.com

Purpose

Application hosting, deployment platform, and edge network

Data processed

HTTP requests to our website and APIs, IP addresses, user agent details, error logs, and service-generated metadata necessary to operate the platform

Notes

Vercel hosts the RewriteBar website and serverless functions. Customer data is processed only as necessary to deliver and secure the service, under Vercel's Data Processing Agreement and security measures.

Cloudflare

United States (global edge network)
cloudflare.com

Purpose

Application hosting, CDN, DDoS protection, TLS

Data processed

All traffic passes through Cloudflare's network. No persistent storage of user data.

Notes

The platform is deployed as a Cloudflare Worker. Cloudflare does not process or store application data.

Stripe

United States and global payment infrastructure
stripe.com

Purpose

Payment processing, subscription billing, and fraud prevention

Data processed

Customer name, email address, billing address, partial payment details (such as card type and last four digits), transaction history, and device/network identifiers used for fraud detection. Full card details are processed and stored only by Stripe as a PCI DSS Level 1 compliant provider.

Notes

Stripe acts as our payment processor and merchant of record services provider. Sensitive payment information never touches our servers and is handled directly by Stripe in accordance with their security and privacy controls.

Mailgun

United States and European Union
www.mailgun.com

Purpose

Transactional and product-related email delivery

Data processed

Recipient email addresses, sender information, email subject lines and content, delivery metadata (timestamps, IPs, open/click events), and email performance metrics

Notes

Mailgun is used to send transactional and account-related emails from RewriteBar. Email content and logs are stored for a limited time to ensure delivery, troubleshoot issues, and comply with legal obligations, according to Mailgun's privacy and data retention policies.

OpenAI (API)

United States
openai.com

Purpose

AI text generation and rewriting for RewriteBar features

Data processed

Text prompts you send from RewriteBar, generated completions, and technical metadata (such as token counts and request identifiers) required to operate the API

Notes

When you use the RewriteBar Gateway / cloud provider, your text is transmitted from RewriteBar's backend to OpenAI's API for processing. If you instead configure your own OpenAI API key inside the macOS app, prompts and completions are sent directly from your device to OpenAI and do not pass through our servers. According to OpenAI's current API data usage policies, API data is not used to train OpenAI models by default, and short-term logs may be kept for abuse monitoring and reliability.

OpenRouter

Single-jurisdiction infrastructure (see OpenRouter privacy policy)
openrouter.ai

Purpose

Multi-provider AI gateway used to route RewriteBar requests to different AI models

Data processed

Text prompts and completions sent via RewriteBar, along with request metadata (token counts, latency, and model identifiers) needed for routing, billing, and analytics

Notes

OpenRouter is only used as part of the RewriteBar Gateway / cloud provider to route your requests to different AI models. When you use your own API keys directly in the macOS app, compatible providers are called by your device without going through OpenRouter. By default, OpenRouter does not store prompts or responses unless logging is explicitly enabled; limited anonymous sampling may occur for abuse prevention and model quality metrics, as described in their privacy documentation.

Umami (Self-Hosted)

Self-hosted (your infrastructure)
umami.is

Purpose

Privacy-friendly website analytics

Data processed

Page views, referrer sources, device type, country (aggregated only, no cookies, no cross-site tracking)

Notes

Umami is self-hosted and managed by us. Analytics data stays within our own hosting environment.

Changes to sub-processors

We will update this page whenever we add, remove, or replace a sub-processor. The "last updated" date at the top of this page reflects the most recent change.

If you have questions about our sub-processors or data processing practices, contact us at support@rewritebar.com.