
Subprocessor List
NinthMoon engages the following sub-processors to provide the Services. Each is bound by contractual terms requiring it to protect personal data with safeguards equivalent to those we apply, and to process data only as needed to provide its service.
Google Cloud Platform / Firebase (Google LLC)
| Sub-processor | Purpose | Data involved | Location / region | Protections |
|---|---|---|---|---|
| Google Cloud Run | Application hosting/compute | All data transiting the app in-process | us-central1 (Iowa, USA) | Google Cloud DPA & SCCs; TLS in transit, encryption at rest; private VPC egress; SOC 1/2/3, ISO 27001/27017/27018 |
| Cloud Build & Artifact Registry | Build pipeline & container image storage | Build artifacts (no end-user PII) | us-central1 (USA) | Same Google DPA; IAM-restricted; encrypted storage |
| Cloud Firestore | Primary database | Account, profile, chat, journal, calendar, subscription data | nam5 — US multi-region | Google DPA & SCCs; encryption at rest & in transit; security rules; IAM |
| Firebase Cloud Storage | File/object storage (generated documents, audio, assets) | Generated documents and audio. User-uploaded files are not retained. | USA (default, co-located with project) | Same Google DPA; encryption at rest & in transit; signed-URL / IAM |
| Firebase Authentication | Identity & authentication | Email, auth identifiers, social-login fields | Global (Google infrastructure, US-primary) | Same Google DPA; encrypted credentials; tokenized sessions |
| Firebase Cloud Messaging (FCM) | Push notifications | Device push tokens, notification content | Global (Google infrastructure, US-primary) | Same Google DPA; encryption in transit |
| Google Cloud Text-to-Speech / Speech-to-Text | Voice synthesis & transcription | User audio input & synthesized output | US (global endpoint, US-primary) | Same Google DPA & SCCs; encryption in transit; not used to train Google models |
| Google Cloud Natural Language | Sentiment / safety analysis | Chat & journal text submitted for scoring | US (global endpoint, US-primary) | Same Google DPA; encryption in transit; transient processing |
| Google Cloud Secret Manager | Storage of API keys/credentials | Service secrets (no end-user PII) | USA (default, co-located with project) | Same Google DPA; encryption at rest; IAM-restricted |
| Redis (Google Cloud Memorystore) | Caching & background job queues (BullMQ) | Transient cached records, queued job payloads | us-central1 (USA), private VPC | Private VPC-only (no public ingress); encryption in transit; ephemeral storage |
Non-Google third parties
| Sub-processor | Purpose | Data involved | Location/region | Protections |
|---|---|---|---|---|
| OpenAI | AI assistant/chat & document generation | User chat messages, prompts, uploaded content (transient), and relevant profile/health context to personalize responses | USA | OpenAI DPA & SCCs; API business terms; encryption in transit & at rest; not used to train models by default |
| Apple (App Store IAP & Server Notifications) | iOS in-app subscription billing & entitlement verification | Subscription/transaction identifiers; server notifications | USA (global) | Apple DPA; signed JWS payloads; encryption in transit |
| Google Play (Google LLC) | Android in-app subscription billing, receipt validation & renewal notifications (Play Developer API + RTDN) | Purchase token, product/SKU, order ID, subscription status/expiry, obfuscated account identifier | USA (global) | Google Play DPA & SCCs; service-account (OAuth2 JWT) auth; signed Pub/Sub delivery; encryption in transit |
| Zoho (Zoho Mail / SMTP) | Transactional & notification email | Recipient email address & message content | USA / EU / India (per Zoho account data-center) | Zoho DPA; TLS-encrypted SMTP; ISO 27001 / SOC 2 |
| Vercel | Hosting of admin-panel front-end | Admin-user session data via admin UI | USA (global edge, US-primary) | Vercel DPA & SCCs; TLS; SOC 2 Type 2 |
Active payment processors
The active payment sub-processors are Apple (App Store IAP) for iOS and Google Play (Play Billing) for Android. NinthMoon does not collect or store card details; billing, renewals, and refunds are handled by the stores.
All consumer payments are handled by the app stores; NinthMoon does not use any third-party card or payment processor outside Apple and Google Play.
Notes
User-uploaded files are not stored; any residual upload/test data is being purged. Conversations, memory summaries, journaling entries, and community content are stored in Cloud Firestore (US). Questions: legal@ninthmoon.ai.

Your privacy matters to us.
Transparent policies.
HIPAA-conscious design.
We never sell your data.
Built on trust, designed with care.
Download NinthMoon today 💛