Sub-Processors
Last updated: March 16, 2026
Gym Art engages the following third-party sub-processors to assist in providing our services. Each sub-processor is bound by a written data processing contract that imposes substantially equivalent data protection obligations.
| Sub-Processor | Purpose | Data Location | Certifications |
|---|---|---|---|
| Google Cloud Platform (Firebase) | Infrastructure hosting, data storage, databases | Montreal, Canada (northamerica-northeast1) | SOC 2, ISO 27001, ISO 27017, ISO 27018 |
| Stripe | Credit card payment processing for competition registrations | United States / Canada | PCI DSS Level 1, SOC 2 |
| Mailchimp (The Rocket Science Group) | Email marketing and newsletters | United States | SOC 2 Type II |
| Google (Authentication) | Google Sign-In for user authentication | Global | SOC 2, ISO 27001 |
| Fastly | Content delivery network for web applications | Global | SOC 2 Type II, PCI DSS |
| Cloudflare | DNS and content distribution for documentation | Global | SOC 2 Type II, ISO 27001 |
| GitBook | User documentation hosting (docs.gymart.org) | Global | SOC 2 Type II |
| Calendly | Demo booking and scheduling | United States | SOC 2 Type II |
Gym Art will update this list at least 30 days before engaging any new sub-processor. Organizers who have signed a Data Processing Agreement will be notified directly of any changes.
For questions about our sub-processors, contact privacy@gymart.org.
View the Organizer Data Processing Agreement.