Lista de Subprocesadores
Sub-processor List
Live document. Last updated June 22, 2026
This page lists the third-party sub-processors that Myner AG engages to process personal data of Members in connection with the Myner Service. Myner remains responsible for sub-processor compliance under our Privacy Policy and the applicable Data Processing Addenda. This list is maintained on an ongoing basis; the current version always governs.
Myner AG • Gartenstrasse 6, 6300 Zug, Switzerland • CHE-202.314.864
Current sub-processors
DATABASE, AUTHENTICATION, STORAGE (PRIMARY DATA STORE)
Supabase, Inc.
Data categories: Account, profile, receipts, transactions, survey responses, derived attributes
Processing region: Germany (eu-central-1, Frankfurt)
Transfer mechanism: Swiss-amended SCCs / Swiss-US DPF (per executed DPA)
DPA status: Executed
CLOUD HOSTING AND INFRASTRUCTURE
Amazon Web Services, Inc. (EEA contracting: AWS EMEA SARL)
Data categories: Underlying infrastructure for primary data store and direct services; all member data categories
Processing region: Germany (Frankfurt, eu-central-1)
Transfer mechanism: SCCs incorporated in AWS Service Terms; DPF-certified
DPA status: Incorporated
RECEIPT OCR AND PROCESSING
Google LLC (ML Kit, Gemini); Amazon Web Services, Inc.; Supabase, Inc.
Data categories: Receipt images, extracted line items, merchant and product data
Processing region: Germany (EU regions for Google and AWS); Supabase as above
Transfer mechanism: SCCs / DPF (Google, AWS); per Supabase DPA
DPA status: Incorporated (Google, AWS); executed (Supabase)
LLM / AI API
Google LLC (Gemini)
Data categories: Receipt content and derived text inputs
Processing region: Germany / EU endpoints
Transfer mechanism: SCCs / DPF
DPA status: Incorporated
IDENTITY VERIFICATION AND FRAUD DETECTION
Cloudflare, Inc. (Turnstile); Supabase, Inc.
Data categories: Device signals, IP address, account identifiers
Processing region: Global edge (Cloudflare); Supabase as above
Transfer mechanism: SCCs / DPF
DPA status: Incorporated (Cloudflare); executed (Supabase)
DATA CLEANROOM
Supabase, Inc.
Data categories: Hashed identifiers and member attributes made available for matched-audience products
Processing region: Germany (eu-central-1, Frankfurt)
Transfer mechanism: Per executed Supabase DPA
DPA status: Executed
PUSH NOTIFICATIONS
OneSignal, Inc.
Data categories: Push subscription token, device identifiers, app event triggers (notification content excludes consumer health data)
Processing region: EU (Netherlands, europe-west4 per OneSignal infrastructure); global delivery edge
Transfer mechanism: Swiss-amended SCCs / Swiss-US DPF
DPA status: Incorporated
MOBILE APP ANALYTICS (ANDROID)
Google LLC (Google Analytics for Firebase)
Data categories: App and device identifiers, app events, screen-view events (consumer-health-data screens excluded; precise location stripped)
Processing region: United States
Transfer mechanism: SCCs / DPF
DPA status: Incorporated
CRYPTO REDEMPTION
thirdweb, Inc.
Data categories: Wallet address, redemption metadata
Processing region: United States
Transfer mechanism: SCCs / DPF
DPA status: Incorporated
EMAIL AND COMMUNICATIONS
Amazon Web Services, Inc. (SES); Google LLC; Chatwoot Inc.
Data categories: Email address, message content, support ticket data
Processing region: Germany (AWS, Google EU); Chatwoot per its DPA
Transfer mechanism: SCCs / DPF
DPA status: Incorporated
MOBILE ANALYTICS, SESSION REPLAY, ERROR AND CRASH TRACKING
Functional Software, Inc. d/b/a Sentry; PostHog Inc.
Data categories: Opaque member identifier, app events, crash and performance data (consumer-health-data screens excluded; precise location stripped)
Processing region: EU regions
Transfer mechanism: SCCs / DPF
DPA status: Incorporated
CONSENT MANAGEMENT (WEBSITE)
Termly, Inc.
Data categories: Cookie and banner consent (website only)
Processing region: United States
Transfer mechanism: SCCs / DPF
DPA status: Incorporated
Functions not currently engaged
Open Banking intermediary, payment processor, and data breach cross-reference API are not currently engaged. Members will be notified, and this list updated, before any such sub-processor begins processing personal data.
Notes
In-app consent. In-app consent is managed internally by Myner; no third-party sub-processor is involved. Website cookie and banner consent is handled by Termly, Inc. (above).
Onward sub-processors. Supabase, Inc. engages its own sub-processors in connection with the services it provides to Myner. The current list is published at supabase.com/legal/subprocessors and is incorporated here by reference.
Notice of changes. Myner will provide notice of any new sub-processor before it begins processing personal data, in accordance with the Privacy Policy and applicable law.
Contact. privacy@mynerapp.com
Change log
June 22, 2026 — Initial publication.