Subprocessors
Last updated: June 29, 2026
Tokmeter uses the following third-party processors to deliver the Services. Each operates under a written data processing agreement and is reviewed before onboarding.
Subscribe to changes by emailing privacy@tokmeter.ai or via our contact form — we provide 30 days' notice of new subprocessors that materially change data handling.
| Processor | Purpose | Categories of data | Region |
|---|---|---|---|
| Lovable Cloud (Supabase) | Primary application database, auth, and storage | Account, org, usage rollups, audit log | US (multi-region available on Enterprise) |
| Cloudflare | CDN, edge compute, TLS termination, DDoS protection | Network metadata, hashed IPs | Global edge |
| Paddle | Subscription billing, tax compliance, merchant of record | Billing contact, plan, country, tax ID | UK / US |
| Resend | Transactional & system email delivery | Email address, message content (auth links, receipts, DSR notices) | US / EU |
| OpenAI | AI Gateway proxy (only when org enables the gateway and routes to this provider) | Prompt/response if org enables body capture | US |
| Anthropic | AI Gateway proxy (only when org enables it) | Prompt/response if org enables body capture | US |
| Google (Vertex / Gemini) | AI Gateway proxy (only when org enables it) | Prompt/response if org enables body capture | US / EU |
Customer-controlled processors
When your organization connects a provider (OpenAI, Anthropic, Vertex, Bedrock, Azure OpenAI, Copilot, Cursor, LangSmith, n8n, OTel exporter), that provider becomes a processor of your data on your instructions. Tokmeter only reads the billing and usage metadata exposed by that provider's admin/billing API; we never call the chat/completions endpoints with read-only credentials.
Transfer safeguards
For transfers out of the EEA/UK/Switzerland we rely on the EU Standard Contractual Clauses and the UK IDTA/Addendum. For transfers out of Canada we rely on PIPEDA-compliant contractual commitments with each processor.