Payment Kit Subprocessor And Service Provider List

Effective Date: June 23, 2026

Last updated: June 23, 2026

Payment Kit Subprocessor And Service Provider List

Payment Kit LLC (“Payment Kit”) uses the providers below to support the Payment Kit services. Providers designated as subprocessors may process Customer Personal Data on behalf of Payment Kit. Applicability depends on the products, features, and configurations used by a customer.

Customer-selected payment processors, gateways, acquiring banks, card networks, payment-method providers, fraud providers, and other services selected, contracted for, or controlled by a customer are not Payment Kit subprocessors solely because Payment Kit facilitates an integration with or transmits data to them at the customer’s direction.

Current Providers

Provider

Role

Purpose and Personal Data

Processing Locations / Applicability

Very Good Security, Inc. (VGS)

Subprocessor

Payment credential tokenization, secure vaulting, and secure data relay. Payment-card data, tokens, billing/contact data, and routing metadata.

United States and other locations described in VGS documentation or selected through the Services.

Provider

Role

Purpose and Personal Data

Processing Locations / Applicability

Google LLC (Google Cloud Platform)

Subprocessor

Cloud hosting, compute, storage, databases, networking, backups, logging, and security. Customer Personal Data hosted in the Services.

United States and configured Google Cloud regions.

Provider

Role

Purpose and Personal Data

Processing Locations / Applicability

Twilio Inc. (SendGrid)

Subprocessor

Transactional email and related communications. Recipient names, email addresses, message content, and delivery metadata.

United States and other locations described in Twilio’s DPA.

Provider

Role

Purpose and Personal Data

Processing Locations / Applicability

OpenAI, L.L.C.

Conditional Subprocessor

AI-enabled features and workflows. Prompts, inputs, outputs, related metadata, and any Customer Personal Data included in those materials.

United States and other supported/configured regions; applies only when AI-enabled functionality is used.

Provider

Role

Purpose and Personal Data

Processing Locations / Applicability

Vercel Inc.

Subprocessor

Application and frontend hosting, deployment, content delivery, and performance. IP addresses, request/device data, session data, and content handled by hosted applications.

United States and global edge locations.

Provider

Role

Purpose and Personal Data

Processing Locations / Applicability

Functional Software, Inc. d/b/a Sentry

Subprocessor

Error tracking, monitoring, debugging, and performance. Error logs, identifiers, IP/device data, application metadata, and data included in diagnostic events.

United States or Europe, depending on configuration.

Provider

Role

Purpose and Personal Data

Processing Locations / Applicability

Dropbox, Inc. (Dropbox Sign, formerly HelloSign)

Business Operations Service Provider

Electronic signatures and agreement execution. Business contact information, signature records, audit trails, and contract documents.

United States and other locations described in Dropbox terms. Ordinarily used for contracting rather than core end-customer data processing.

Provider

Role

Purpose and Personal Data

Processing Locations / Applicability

Payment Kit may add, replace, or remove providers as the Services evolve. Payment Kit will update this page and provide any additional notice required by the Payment Kit Data Processing Addendum or applicable law. Customers may request notice of Subprocessor changes by emailing legal@paymentkit.com.

Changes And Notices

Payment Kit LLC

Attn: Legal and Privacy

1111B S Governors Ave STE 47765

Dover, DE 19904

legal@paymentkit.com

privacy@paymentkit.com

Contact