Sub-processors

Last updated: April 2026

Matrizexplícita Lda ("pdftoexcel") engages the third-party sub-processors listed below to deliver the service. Each sub-processor is bound by data-protection terms no less protective than our Data Processing Addendum. This page is the canonical, current list and is incorporated into the DPA as Annex III.

Change notice

We notify customers of any new or replaced sub-processor at least 30 days before the change takes effect. To subscribe to change notices, email hello@bankpdftoxls.com with the subject "Subscribe to sub-processor changes". Customers on a paid plan may object on reasonable data-protection grounds within the notice period as set out in the DPA.

Current sub-processors

Vercel Inc.

Their DPA / terms →

Purpose: Web hosting and edge serving for the marketing site and application.
Data processed: HTTP request metadata (IP, user-agent), uploaded PDFs in transit only, account session cookies. No PDFs at rest.
Location: United States (us-east-1).
Certifications: SOC 2 Type II, ISO 27001:2022, PCI DSS.
Transfer mechanism: EU SCCs (2021/914) + EU–US Data Privacy Framework certification.

Supabase Inc.

Their DPA / terms →

Purpose: Postgres database, authentication, and object storage for user accounts, extracted transaction rows, and (where applicable) source PDFs.
Data processed: Account email, hashed credentials, document metadata, extracted transaction rows, source PDFs (when held for manual review).
Location: European Union (Frankfurt, eu-central-1).
Certifications: SOC 2 Type II, HIPAA-ready.
Transfer mechanism: Primary processing remains in the EU. EU SCCs (2021/914) apply for any onward transfer to Supabase support staff outside the EEA.

Fly.io (HashiCorp / Fly Industries)

Their DPA / terms →

Purpose: Compute for the Python parser worker that performs PDF extraction, reconciliation, and LLM orchestration.
Data processed: Source PDFs (in memory only during a parse), document identifiers, parse metadata.
Location: United States (iad — Ashburn, Virginia).
Certifications: SOC 2 Type II.
Transfer mechanism: EU SCCs (2021/914) + EU–US Data Privacy Framework certification.

Google LLC (Gemini API)

Their DPA / terms →

Purpose: Vision LLM extraction for PDFs that the deterministic fast-path cannot reconcile. Used as a fallback only.
Data processed: Page images and structured prompt for the document being parsed. Sent only when fallback is triggered.
Location: United States (paid-tier Gemini API).
Certifications: SOC 2 Type II, ISO 27001, ISO 27017, ISO 27018.
Transfer mechanism: EU SCCs (2021/914) + EU–US Data Privacy Framework certification. Paid-tier Gemini API does not use prompts or responses to train Google models.

Anthropic, PBC (Claude API)

Their DPA / terms →

Purpose: Vision LLM extraction (Claude Haiku 4.5 and Sonnet 4.5) used as a second-tier fallback when Gemini cannot reconcile a result.
Data processed: Page images and structured prompt for the document being parsed. Sent only when secondary fallback is triggered.
Location: United States.
Certifications: SOC 2 Type II, ISO 27001.
Transfer mechanism: EU SCCs (2021/914). Under Anthropic's Commercial Terms, API inputs and outputs are not used to train Claude.

Stripe, Inc. and Stripe Payments Europe Ltd.

Their DPA / terms →

Purpose: Payment processing, subscription billing, and customer-billing portal.
Data processed: Billing name, billing email, billing address, payment-method tokens, transaction amounts. Card numbers are tokenized by Stripe and never reach pdftoexcel.
Location: United States and European Union (Stripe operates dual-region).
Certifications: SOC 1 Type II, SOC 2 Type II, ISO 27001, PCI DSS Level 1.
Transfer mechanism: EU SCCs (2021/914) + EU–US Data Privacy Framework certification.

Resend, Inc.

Their DPA / terms →

Purpose: Transactional email (sign-up, password reset, conversion notifications, billing receipts).
Data processed: Recipient email address, subject and body of transactional messages.
Location: United States.
Certifications: SOC 2 Type II.
Transfer mechanism: EU SCCs (2021/914).

Functional Software, Inc. (Sentry)

Their DPA / terms →

Purpose: Application error monitoring and performance telemetry.
Data processed: Stack traces, browser/runtime metadata, user identifiers (UUIDs only). Pre-send filters strip transaction descriptions, account numbers, and email addresses before transmission.
Location: United States.
Certifications: SOC 2 Type II, ISO 27001.
Transfer mechanism: EU SCCs (2021/914) + EU–US Data Privacy Framework certification.

PostHog Inc.

Their DPA / terms →

Purpose: Product analytics — page views, conversion-funnel events, feature-usage metrics. Only loaded when the user accepts analytics in the consent banner.
Data processed: Anonymous device identifier, page URLs, click events on landing pages and pricing pages. Session replay and DOM autocapture are disabled. No transaction data, form input, or PDF content is sent.
Location: European Union (PostHog EU cloud).
Certifications: SOC 2 Type II.
Transfer mechanism: Primary processing in the EU.

A note on LLM sub-processors

About 70% of conversions complete on the deterministic pdfplumber fast-path with no LLM call at all — your file never leaves our infrastructure. The fallback path sends page images to Google Gemini first, and only escalates to Anthropic Claude if Gemini cannot produce a reconcilable result. Both providers operate under commercial API terms that contractually exclude customer data from model training. We monitor both providers' policies on a quarterly cadence and will update this page if the posture changes.

Contact

Questions about a sub-processor or the controls applied to it — email hello@bankpdftoxls.com. Postal: Matrizexplícita Lda, Portugal.