
Sub-processors.

Last updated: 28 May 2026

Leiko engages a small number of trusted third parties to operate the service. Each one is bound by a written data-processing agreement that limits them to the specific purpose listed here. We do not sell your data and we do not share it with advertisers as a generic data broker — the rows below are the entire list.

Cloudflare, Inc. (USA)

Global — primary edge near the visitor.
Purpose
CDN, edge runtime for our Worker (API, drip, inventory, contact, conversions), DDoS protection, DNS, email routing for our @leiko.app addresses.
Data
IP addresses, request metadata, contact-form bodies, the email we send via Resend (in transit), reservation form bodies.

Supabase, Inc. (USA)

United States.
Purpose
Primary application database (Postgres) and authentication for the Leiko app.
Data
Account records, family-circle membership, blood-pressure and other vitals readings, sleep/activity data, app-side notes and comments, AI conversation history, push-notification tokens, marketing-email contacts, orders.

Resend, Inc. (USA)

United States.
Purpose
Transactional and marketing email delivery — order confirmations, drip sequence, contact-form forwarding to the team.
Data
Recipient email address, your name (if provided), email subject, the email body we send.

Lemon Squeezy (USA)

United States.
Purpose
Checkout, payment processing, and merchant of record for hardware orders and Leiko Plus subscriptions.
Data
Name, email, billing address, last four digits of card / payment method type, order amount, transaction status. Full card numbers are tokenized by Lemon Squeezy's PCI-compliant processor and never reach our servers.

Anthropic, PBC (USA)

United States.
Purpose
AI inference for the Daily Pulse summary, weekly recaps, and Doctor-Ready report drafts in the Leiko app.
Data
De-identified vitals (no name, email, address, phone, or account ID) plus the prompt we send. Anthropic is contractually prohibited from training on our data and required to delete inputs within 30 days.

OpenAI, L.L.C. (USA)

United States.
Purpose
Fallback AI inference for the same features when our primary provider is unavailable.
Data
Same de-identified vitals as above. Same contractual protections (no training, 30-day deletion).

Meta Platforms, Inc. (USA)

United States.
Purpose
Advertising attribution via the Meta Conversions API — only fires after you submit an order on our site and only if you arrived from a Meta ad.
Data
Hashed (SHA-256) email, first and last name, country; the IP and user-agent of the originating request; Meta cookies (fbp, fbc) if present. No vitals, no app data.

Google LLC (USA)

United States.
Purpose
Advertising attribution and analytics via Google Ads / GA4 — page-view counts and conversion events on the marketing site.
Data
Client identifier, page URL, event name, basic UTM tags, country (no name or email is sent). No vitals, no app data.

PostHog, Inc. (USA)

United States.
Purpose
Product analytics on the marketing site and the app — page-views, funnel events, anonymous session replays of the marketing site (the app is excluded).
Data
Anonymous device identifier, page URL, event name and properties. No personally identifying fields. No vitals.

DHL Express, FedEx, USPS, and local couriers

Country of delivery.
Purpose
Shipping the Leiko watch to your address.
Data
Shipping name, address, phone number, order details.

Notification of changes

We update this page whenever we add a sub-processor, remove one, or change what an existing one does. If a change materially affects how we process your personal data, registered account holders receive an email at least 30 days before the change takes effect — enough time to object or close your account if you prefer.

Questions about any of the above? Write to law@leiko.app.