Sub-processors
Last updated: April 13, 2026
Doru engages a small number of third-party service providers (“sub-processors”) to deliver the service. This page lists each sub-processor, the purpose for which we engage them, the categories of data they process, and where their processing takes place. We update this list when we add or change a sub-processor.
You can subscribe to sub-processor change notifications by contacting info@espartan.net. Existing customers receive at least thirty (30) days’ notice before a new sub-processor is added.
Current sub-processors
| Provider | Purpose | Data processed | Region | Compliance |
|---|---|---|---|---|
| Google Cloud Platform Google LLC | Application hosting (Google Kubernetes Engine), secret management (Secret Manager), and image/video generation (Gemini AI services) | Application metadata, customer account data at rest, encrypted secrets | United States (us-central1) | SOC 2, ISO 27001, GDPR |
| Supabase Supabase, Inc. | Managed PostgreSQL database, authentication, and object storage for customer brand assets | Customer account records, campaign metadata, creative assets, OAuth session data | United States (us-east-1) | SOC 2 Type II, GDPR |
| Composio Composio Inc. | OAuth 2.0 token storage, refresh, and third-party advertising API call execution on behalf of customers | Customer OAuth access and refresh tokens for connected advertising platforms, per-customer connection identifiers | United States | SOC 2, GDPR |
Advertising platforms
In addition to the sub-processors above, Doru transmits campaign operations to the advertising platforms you have explicitly authorized via OAuth 2.0 (for example, Google Ads, Meta Ads, TikTok Ads). Those platforms act as separate controllers or processors of your data under their own terms, and your legal relationship with them is direct.
Questions
Questions about our sub-processors or this list can be directed to info@espartan.net.