Legal

Subprocessors

The third-party service providers we engage to help operate GBPcentral and the Excellence Award program. This page is intended to be referenceable from data processing agreements and customer due-diligence questionnaires.

Effective April 25, 2026

At a Glance

A plain-language summary of who we engage and what they do. This summary is provided for convenience only; the full disclosures below are the binding reference for our data processing agreements.

Who we engage

Three subprocessors: Stripe for payment processing, Google for Business Profile and Places API access, and Resend for transactional email. No advertising, analytics, or tracking vendors.

What they process

Only the minimum data each vendor needs to do the job we contracted them for: billing details for Stripe, OAuth tokens and Business Profile metadata for Google, recipient email and message content for Resend.

Where data is processed

Primarily in the United States. Stripe and Google operate global infrastructure for resilience; Resend processes mail in the US. Each vendor is bound to maintain appropriate safeguards for international transfers.

How we communicate changes

We update this page before adding, replacing, or removing a subprocessor for a material category of processing. Customers on contractual change-notice clauses are notified by email or in-product on the contractual timeline.

On This Page

01 Purpose of this page

A subprocessor is a third party we engage to process information in connection with providing GBPcentral. We require each subprocessor to use personal information only for the purpose of providing the services we have contracted them for, and to maintain technical and organizational safeguards appropriate to the data they handle. The full list below restates the table in our Privacy Policy and adds the operator’s legal name, the legal entity address, and a direct link to the provider’s own privacy notice.

We will update this page when we add, replace, or remove a subprocessor and, where required by law or contract, will provide notice of material changes prior to engaging a new subprocessor.

02 Current subprocessors

2.1 Stripe, Inc.

  • Purpose: payment processing, subscription billing, invoice generation, payment dispute management, and tax calculation where applicable.
  • Data categories: billing contact details (name, billing address, email), payment method metadata (card brand, last four digits, expiration), transaction records, refund and chargeback metadata.
  • Location of processing: United States, with global data centres operated by Stripe.
  • Operator entity: Stripe, Inc., 354 Oyster Point Boulevard, South San Francisco, CA 94080, United States.
  • Privacy notice: stripe.com/privacy
  • Data processing addendum: stripe.com/legal/dpa

2.2 Google LLC

  • Purpose: Google Business Profile API access (reading and writing the customer’s connected Business Profile), OAuth authentication for account linking, and Google Places API access for the free audit tool and Excellence Award evaluation.
  • Data categories: Google account identifiers, OAuth tokens, Business Profile metadata you authorize us to access, and publicly available Google Places data for businesses we evaluate (name, address, category, rating, review count, business status).
  • Location of processing: United States, with global infrastructure operated by Google.
  • Operator entity: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States.
  • Privacy notice: policies.google.com/privacy
  • API user data policy: developers.google.com/terms/api-services-user-data-policy

2.3 Resend, Inc.

  • Purpose: delivery of transactional and program email, including password resets, security alerts, billing notices, audit-tool result delivery, Excellence Award notifications, opt-out and print-request confirmations, and shipped-status notifications.
  • Data categories: recipient email address, message content, message metadata, delivery-status events (queued, delivered, bounced, complained).
  • Location of processing: United States.
  • Operator entity: Resend, Inc., San Francisco, CA, United States.
  • Privacy notice: resend.com/legal/privacy-policy
  • Data processing addendum: resend.com/legal/dpa

03 Notifications of changes

We will publish an updated version of this page in advance of engaging a new subprocessor or replacing an existing one for a material category of processing. Where the customer is on a paid plan and a contractual change-notice clause applies, we will notify customers by email or through the Service in the time frame set out in the applicable agreement. If you would like to receive change notifications even when no contractual obligation applies, please contact privacy@gbpcentral.com.

04 Operating entity

GBPcentral is operated by Stackvate Inc..

Stackvate Inc.
1270 Avenue of the Americas, 7th Floor - 1169
New York, NY 10020, United States
Privacy contact: privacy@gbpcentral.com