Sub-processor List

Name: Mobily
Brand: Mobily
Rating: 4.8 (12 reviews)

Last updated: April 15, 2026

Under §11 of our Data Processing Addendum, TechSynergy Corp. (the Ontario corporation that provides the Mobily™ service) maintains this public list of sub-processors that receive personal information to support the Mobily platform. We provide at least 30 days' notice of any addition or replacement by updating this page.

To object to a new sub-processor on reasonable data-protection grounds, email us through the contact form within the notice period.

For historical changes, see the revision history at the bottom of this page.

Google Safe Browsing

Terms / DPA →

Added 2026-04-13

Purpose: URL reputation lookups for the URL Safety API. Only the URL being scanned is transmitted; no end-user identifiers are sent.
Data Location: United States
Categories of Data: URL (full) — no IP, no user ID, no API key
Transfer Safeguard: Google Safe Browsing API Terms of Service; transfer limited to what is strictly necessary for the safety lookup.

Google LLC — Gemini AI

Terms / DPA →

Added 2026-04-14

Purpose: AI-powered SEO website audits. When a user triggers an SEO audit, the target page URL and extracted content are sent to the Gemini API to generate structured insights. No user account data or PII is included in the request.
Data Location: United States
Categories of Data: Target page URL and page body text — no user ID, email, or IP address
Transfer Safeguard: Google Cloud Data Processing Addendum; data not used to train Google models under API terms.

Stripe, Inc.

Terms / DPA →

Added 2025-07-14

Purpose: Payment processing for paid plans (subscription billing, invoicing, card storage).
Data Location: United States (with Canadian data residency option enabled where available)
Categories of Data: Name, billing email, billing address, payment card token (never full PAN), invoice history
Transfer Safeguard: Stripe Data Processing Agreement; PCI DSS Level 1 certified; contractual commitments for cross-border data.

Amazon Web Services, Inc. (CA-CENTRAL-1)

Terms / DPA →

Added 2025-09-02

Purpose: Secondary region for object storage backups (scan-log archives, encrypted).
Data Location: Montreal, Canada
Categories of Data: Encrypted backup archives — no plaintext access by AWS personnel.
Transfer Safeguard: AWS DPA; data residency pinned to CA-CENTRAL-1; KMS-managed keys held by Mobily.

Hetzner Online GmbH

Terms / DPA →

Added 2024-11-20

Purpose: Primary compute and database hosting for the Mobily platform.
Data Location: Falkenstein / Nuremberg, Germany — with Mobily's production traffic tunneled through Canadian egress
Categories of Data: All platform data (encrypted at rest).
Transfer Safeguard: Hetzner DPA (GDPR-aligned); encryption keys retained by Mobily; no plaintext access by Hetzner personnel.

Cloudflare, Inc.

Terms / DPA →

Added 2024-11-20

Purpose: DNS, TLS termination, DDoS protection, and WAF for mobily.ca.
Data Location: Global (edge POPs); Canadian POP preferred for Canadian traffic.
Categories of Data: Request metadata (IP, User-Agent, URL path) for security filtering. No request/response bodies are stored.
Transfer Safeguard: Cloudflare DPA with standard contractual clauses; log retention ≤ 24h at the edge.

Resend, Inc.

Terms / DPA →

Added 2025-04-18

Purpose: Transactional email (account notifications, scan-alert webhooks, invoices).
Data Location: United States
Categories of Data: Recipient email address, message body, delivery metadata.
Transfer Safeguard: Resend DPA; 30-day log retention; Mobily opt-in only.

Sentry (Functional Software, Inc.)

Terms / DPA →

Added 2025-01-11

Purpose: Application error monitoring (stack traces, non-PII context).
Data Location: United States
Categories of Data: Error messages, stack traces, scrubbed request headers. Mobily's SDK config strips bodies, cookies, and query strings before transmission.
Transfer Safeguard: Sentry DPA; PII scrubbing enforced at the SDK layer.

Revision history

2026-04-14: Added Google LLC — Gemini AI (sub-processor for SEO audit content analysis). No new sub-processors for Mobily Verify launch — all business profile data stays on-platform.
2026-04-13: Added Google Safe Browsing (sub-processor for URL Safety API queries).
2025-09-02: Added Amazon Web Services (CA-CENTRAL-1) for encrypted backup storage.
2025-07-14: Added Stripe for payment processing.
2025-04-18: Added Resend for transactional email.
2025-01-11: Added Sentry for error monitoring (PII-scrubbed).
2024-11-20: Initial publication — Hetzner (primary hosting), Cloudflare (edge).

Read the Data Processing Addendum →