Core infrastructure
All primary infrastructure runs on Amazon Web Services (US regions). Source code is encrypted in transit and at rest and deleted on handoff.
| Sub-processor | Purpose | Data processed | Location |
|---|---|---|---|
| Amazon Web Services: Compute | Runs the API and migration worker | All customer data in transit; migration sandboxes are ephemeral and isolated | United States |
| Amazon Web Services: RDS (PostgreSQL) | Accounts, migration metadata, logs | User PII, job metadata (no retained source code, purged on handoff) | United States |
| Amazon Web Services: ElastiCache (Redis) | Job queue, sessions, rate limiting | Job payloads, session tokens (no source code) | United States |
| Amazon Web Services: S3 | Temporary migration artifact storage | Source code + output, encrypted (AES-256-GCM); deleted on handoff | United States |
Processing, payments & communications
| Sub-processor | Purpose | Data processed | Location |
|---|---|---|---|
| OpenAI, L.L.C. | LLM inference for AI-assisted transformation | Batches of source-code files as prompt context (API inputs not used for training) | United States |
| Paddle (Market Ltd / Inc.) | Payments & Merchant of Record; invoicing | Billing name, email, payment method (no source code; no card data stored by Refactyl) | UK / EEA / US |
| Resend | Transactional & lifecycle email | Recipient email, name, message content (no source code) | United States |
| PostHog, Inc. | Product analytics | Pseudonymous user ID, event names, browser metadata (no source code) | United States |
| Google LLC (Analytics) | Web analytics | Cookie-based visitor analytics (no source code, no logged-in PII) | United States |
| Cloudflare, Inc. | Turnstile CAPTCHA (homepage demo) & CDN | IP address, browser fingerprint (no source code) | Global (US) |
Enterprise and self-hosted deployments can route LLM inference to Azure OpenAI, an on-premises model, or any OpenAI-compatible endpoint (via OPENAI_BASE_URL), eliminating the cross-border transfer of source code to OpenAI. Refactyl does not currently use a third-party error-tracking or APM sub-processor.
Authentication providers
Used only when a user chooses them. Refactyl receives profile data from these providers at the user's direction; they are not sent customer source code.
| Sub-processor | Purpose | Data processed | Location |
|---|---|---|---|
| Google LLC (OAuth) | Optional “Sign in with Google” | Name, email, avatar received at the user’s direction | United States |
| GitHub, Inc. (OAuth) | Optional “Sign in with GitHub”; repo access to clone repos the user migrates | Name, email, avatar; repo contents only for repos the user explicitly migrates | United States |
Need the paperwork?
A signed DPA (with the sub-processor annex and transfer mechanisms) is available for Enterprise and Big Migration customers.
Read the DPA summary, see our security overview, or request a signed copy.