1. Overview
My Evening uses a small number of third-party service providers ("sub-processors") to deliver the App. Each sub-processor processes personal data only as instructed by us, under a written data processing agreement (or equivalent contract terms), and only for the specific purpose listed below.
We will give at least 30 days' advance notice on this page (and, where required by law, by other reasonable means) before adding any new sub-processor that processes personal data, so you can object before the change takes effect.
2. Current Sub-processors
Apple Inc. / Apple Distribution International Ltd.
- Role: Authentication (Sign in with Apple); App Store distribution and subscription billing (StoreKit 2); HealthKit on-device APIs.
- Categories of personal data: Apple ID identifier (we store the SHA-256 hash of the
sub claim); your name and email if you choose to share them at sign-in; subscription transaction confirmations. - Location: United States; Apple Distribution International Ltd. (Cork, Ireland) acts as the EEA/UK contracting party.
- Transfer mechanism: EU Standard Contractual Clauses + EU-US Data Privacy Framework (Apple Inc. is DPF-certified).
- Contract: Apple Developer Program License Agreement and Schedule 2 (Paid Applications Agreement).
- Privacy reference: apple.com/legal/privacy
ElevenLabs, Inc.
- Role: Real-time speech-to-text transcription (Scribe v2 model). Audio is streamed transiently from our backend; no audio is retained at ElevenLabs after the session ends.
- Categories of personal data: Voice audio (transient, in-memory only).
- Location: United States.
- Transfer mechanism: EU Standard Contractual Clauses (Module 2: controller → processor); UK International Data Transfer Addendum where applicable. We also rely on the EU-US Data Privacy Framework where ElevenLabs maintains DPF certification.
- Contract: ElevenLabs Data Processing Addendum (with no-training opt-out enabled on our account).
- Privacy reference: elevenlabs.io/privacy
OpenAI (OpenAI Ireland Ltd. / OpenAI L.L.C.)
- Role: Person detection on saved gratitude entries (gpt-5-nano via the Responses API). Entry text is processed transiently; no entry text or response is retained, and our account is configured to opt out of training.
- Categories of personal data: Gratitude-entry text (limited to the entry being analyzed) and your existing person list (display names, aliases).
- Location: United States. OpenAI Ireland Ltd. (Dublin) is the contracting party for EEA/UK customers.
- Transfer mechanism: EU-US Data Privacy Framework + Standard Contractual Clauses (fallback) per OpenAI's Data Processing Addendum.
- Contract: OpenAI Data Processing Addendum (signed via the OpenAI platform).
- Privacy reference: openai.com/policies/privacy-policy
Microsoft Corporation (Microsoft Azure)
- Role: Hosting and infrastructure: Azure Functions, App Service, Table Storage, Key Vault, Application Insights, Front Door (CDN/edge), Static Web Apps.
- Categories of personal data: Hashed Apple sub identifier, optional email and full name, rate-limit counters, WebSocket connection counters, application logs (without journal content).
- Location: Backend resources in North Europe (Ireland / Netherlands); website in West Europe; standard Front Door global edge for caching.
- Transfer mechanism: EU Data Boundary commitment (in-region processing for EEA customer data) + Microsoft Online Services DPA (which includes EU SCCs and the UK IDTA).
- Contract: Microsoft Customer Agreement + Microsoft Products and Services Data Protection Addendum (Online Services Terms).
- Privacy reference: Microsoft Trust Center
3. Sub-processors We Do Not Use
Listed for transparency:
- Google Analytics, Firebase Analytics, Adjust, AppsFlyer, Mixpanel, Amplitude — no product analytics SDKs.
- Facebook SDK, TikTok SDK, Snap SDK, X (Twitter) SDK — no social-platform SDKs.
- Sentry, Bugsnag, Crashlytics — no crash-reporting SDKs that transmit personal data.
- Stripe, PayPal, Braintree — payments are handled exclusively by Apple StoreKit 2; we do not see card numbers.
- Mailchimp, SendGrid, Postmark, Customer.io — no marketing-email infrastructure (transactional emails are handled directly by us).
4. Notification of Changes
Material changes to this list — new sub-processors, removed sub-processors, or significant changes in role or location — will be reflected here with at least 30 days' advance notice before the change takes effect for new processing. The "Last updated" line above is bumped on every material change.
If you are an EEA or UK data subject and you wish to object to a new sub-processor, contact privacy_myevening@rongan.me within the notice period.
