Skip to content
Trust

Subprocessors

The third-party service providers Crumb currently relies on to operate the service. This list may change as the platform evolves; material changes are reflected on this page.

Effective · Last updated · Version 2026-07-10.1

Lovable Cloud (managed Supabase infrastructure)

Purpose
Primary database, authentication, object storage, serverless compute.
Data categories
Account and workspace records; menu, ingredient and allergen data; uploaded files; audit records; session identifiers.
Region
European Economic Area (Ireland / Frankfurt).
Transfer mechanism
Processing within the EEA; Standard Contractual Clauses where applicable.
Provider notice
https://supabase.com/privacy
Added

Cloudflare, Inc.

Purpose
Edge/CDN delivery, DNS, TLS termination for the marketing site and application.
Data categories
Technical request metadata (IP address, user-agent, request path) for delivery, security and fraud prevention.
Region
Global edge; primary contract with Cloudflare, Inc. (US).
Transfer mechanism
EU Standard Contractual Clauses under Cloudflare's data-processing addendum.
Provider notice
https://www.cloudflare.com/privacypolicy/
Added

Paddle.com Market Limited

Purpose
Merchant of Record for Crumb subscriptions — checkout, payment processing, tax calculation, invoicing, refunds and chargebacks.
Data categories
Billing name, email, billing address, payment method, tax identifiers and transaction records.
Region
United Kingdom and European Union; payment card networks operate globally.
Transfer mechanism
Independent controller for billing data. Where transferred outside the EEA, Standard Contractual Clauses or adequacy decisions apply.
Provider notice
https://www.paddle.com/legal/privacy
Added

Mailgun (Sinch Email)

Purpose
Transactional and account email delivery from the verified sending domain notify.crumb.menu.
Data categories
Recipient email address, message content, delivery metadata.
Region
European Union delivery region (Frankfurt) where configured.
Transfer mechanism
Standard Contractual Clauses under Mailgun's data-processing addendum.
Provider notice
https://www.mailgun.com/privacy-policy/
Added

Lovable AI Gateway

Purpose
AI-assisted menu import, translation and content-generation features initiated by authorised restaurant users.
Data categories
Menu, section, dish, ingredient and allergen text submitted by the restaurant. Personal data is not intentionally sent.
Region
See Lovable AI Gateway documentation for current model providers and regions.
Transfer mechanism
Contractual safeguards via Lovable Cloud.
Provider notice
https://docs.lovable.dev/
Added

Professional advisers

Purpose
Legal, accounting and tax advice, where strictly necessary.
Data categories
Limited to the information required for the matter concerned.
Region
Ireland and, where relevant, other EEA jurisdictions.
Transfer mechanism
Confidentiality obligations; no transfer outside the EEA unless the matter requires it.
Added

Related documents: Privacy Notice · DPA · Security · Cookies

Questions? privacy@crumb.menu