RylvoRylvo

Legal

Service Providers

The infrastructure and service providers that may process data to operate Rylvo.

Last updated July 13, 2026

Data Processing Addendum

In short

  • We keep this list current.
  • Customer-selected integrations remain under the Operator's direction.
  • Material new subprocessors are subject to the DPA objection process.

This summary is for convenience only and is not a substitute for the full text below.

01Core Service Providers

The following providers may process personal data to deliver Rylvo. A provider is a subprocessor only to the extent it processes Customer Data on Rylvo's behalf.

  • Google Cloud Platform and Firebase (Google LLC): United States and customer/configuration-dependent regions — cloud hosting, compute, authentication, Firestore databases, object storage, Cloud SQL/PostgreSQL, logging, security, and analytics when consented.
  • Resend (Resend, Inc.): United States — transactional email, account notifications, support delivery, and customer-configured broadcasts.
  • OpenAI (OpenAI, L.L.C. and applicable affiliates): United States and provider-documented regions — embeddings or model processing only where Rylvo's configured service path or the Operator's selected provider uses OpenAI.
  • OpenRouter (OpenRouter, Inc.): United States and downstream model-provider regions — model routing only when selected or configured by the Operator.
  • Cloudflare (Cloudflare, Inc.): global network — signup-abuse prevention through Turnstile when enabled; related technical and security data only.

02Payments & Independent Recipients

Dodo Payments acts as Merchant of Record for subscriptions and eligible purchases. It independently determines processing necessary for payment methods, fraud controls, tax, invoicing, refunds, and legal compliance. For limited account and transaction data processed solely to integrate billing with Rylvo, it may also provide services to Rylvo. Its own buyer terms and privacy notice apply.

03Customer-Directed Integrations

Rylvo can transmit Customer Data to services the Operator chooses and configures. These recipients are not Rylvo subprocessors merely because Rylvo provides the connection. The Operator controls the destination and is responsible for its contract, lawful basis, retention, security, and international transfers.

  • AI and embedding providers selected through BYOK, including providers reached through OpenRouter.
  • Channels and communications providers such as Meta/WhatsApp, Twilio, Telegram, Slack, Discord, LINE, email providers, and customer webhooks.
  • MCP servers, OAuth applications, connectors, ticketing and productivity tools selected by the Operator.
  • Conversation Storage databases, object stores, warehouses, Redis instances, and webhooks owned or selected by the Operator.

04Changes & Objections

We will update this page before a new provider materially processes Customer Data. Customers may object on reasonable data-protection grounds within 15 days of notice by emailing contact@rylvo.com with the subject line ‘Subprocessor objection’, as described in the DPA. Provider locations can change within their documented infrastructure; contact us for information relevant to a transfer assessment.