Legal

Subprocessors

Third-party vendors that process personal data on behalf of Fauxto Labs.

Last updated: September 2025

About this list

This page lists third-party vendors that process personal data for us as “processors.” We publish it for transparency and to meet GDPR/CPRA expectations. We'll notify users before adding a new subprocessor where required, and update this page when anything changes.

Questions or objections? Email [email protected] with subject “Subprocessor Inquiry.” Enterprise customers with a DPA should reference their contract terms.

Current subprocessors

Amazon Web Services

S3, CloudFront

Purpose: Storage and delivery of user uploads, generated media, backups

Data: Media files, filenames, object metadata, user IDs in paths, logs

Region: US

Transfer: n/a (US storage) or SCCs

Render

Purpose: Backend hosting

Data: IP addresses, request logs, limited account identifiers

Region: US

Transfer: SCCs if cross-border

Cloudflare

Purpose: DNS, CDN, WAF, bot protection

Data: IP addresses, request metadata

Region: Global

Transfer: SCCs

Auth0

Purpose: Authentication, session handling

Data: Email, name, auth identifiers, tokens

Region: US/EU

Transfer: SCCs

Stripe

Purpose: Payments

Data: Billing identifiers, tokenized payment info, last4, billing address

Region: US/EU

Transfer: SCCs

FAL.ai

Purpose: AI inference for image/video/audio

Data: Prompts, generation params, uploaded refs, outputs

Region: US/EU

Transfer: SCCs

All processors are restricted to least-privilege access and bound by DPAs and confidentiality agreements.

Retention overview

Media and models — Retained until user deletes or account closes; backups purge in 30–45 days.

Logs — 30–90 days, unless needed for security.

Billing records — Per tax law requirements.

Planned changes

None at this time. Additions will be posted here at least 30 days before activation when contractually required.

Questions? Contact [email protected]

Privacy PolicyHow we handle your data

Terms of ServiceLegal terms and conditions

Cookie PolicyHow we use cookies

ContactGet in touch

Legal

Subprocessors

Third-party vendors that process personal data on behalf of Fauxto Labs.

Last updated: September 2025

About this list

Questions or objections? Email [email protected] with subject “Subprocessor Inquiry.” Enterprise customers with a DPA should reference their contract terms.

Current subprocessors

Amazon Web Services

S3, CloudFront

Purpose: Storage and delivery of user uploads, generated media, backups

Data: Media files, filenames, object metadata, user IDs in paths, logs

Region: US

Transfer: n/a (US storage) or SCCs

Render

Purpose: Backend hosting

Data: IP addresses, request logs, limited account identifiers

Region: US

Transfer: SCCs if cross-border

Cloudflare

Purpose: DNS, CDN, WAF, bot protection

Data: IP addresses, request metadata

Region: Global

Transfer: SCCs

Auth0

Purpose: Authentication, session handling

Data: Email, name, auth identifiers, tokens

Region: US/EU

Transfer: SCCs

Stripe

Purpose: Payments

Data: Billing identifiers, tokenized payment info, last4, billing address

Region: US/EU

Transfer: SCCs

FAL.ai

Purpose: AI inference for image/video/audio

Data: Prompts, generation params, uploaded refs, outputs

Region: US/EU

Transfer: SCCs

All processors are restricted to least-privilege access and bound by DPAs and confidentiality agreements.

Retention overview

Media and models — Retained until user deletes or account closes; backups purge in 30–45 days.

Logs — 30–90 days, unless needed for security.

Billing records — Per tax law requirements.

Planned changes

None at this time. Additions will be posted here at least 30 days before activation when contractually required.

Questions? Contact [email protected]

Privacy PolicyHow we handle your data

Terms of ServiceLegal terms and conditions

Cookie PolicyHow we use cookies

ContactGet in touch