Sub-Processors
Last updated: May 8, 2026
Gym Art engages the following third-party sub-processors to assist in providing our services. Each sub-processor is bound by a written data processing contract that imposes substantially equivalent data protection obligations. Sub-processors marked "Public Website only" never receive data from the Authenticated Platforms (Gym Art Meets, Judge's Companion) and are activated only on gymart.org with the visitor's prior cookie consent.
| Sub-Processor | Purpose | Data Location | Certifications |
|---|---|---|---|
| Google Cloud Platform (Firebase) | Infrastructure hosting, data storage, databases | Montreal, Canada (northamerica-northeast1) | SOC 2, ISO 27001, ISO 27017, ISO 27018 |
| Stripe | Credit card payment processing for competition registrations | United States / Canada | PCI DSS Level 1, SOC 2 |
| Mailchimp (The Rocket Science Group) | Email marketing and newsletters | United States | SOC 2 Type II |
| Google (Authentication) | Google Sign-In for user authentication | Global | SOC 2, ISO 27001 |
| Fastly | Content delivery network for web applications | Global | SOC 2 Type II, PCI DSS |
| Cloudflare | DNS and content distribution for documentation | Global | SOC 2 Type II, ISO 27001 |
| GitBook | User documentation hosting (docs.gymart.org) | Global | SOC 2 Type II |
| Calendly | Demo booking and scheduling | United States | SOC 2 Type II |
| Vercel | Public Website hosting and privacy-friendly analytics (Public Website only) | Global edge network; analytics data processed in the United States | SOC 2 Type II, ISO 27001 |
| Google Analytics 4 | Aggregate Public Website traffic measurement and conversion tracking (Public Website only, with cookie consent) | United States / Global | SOC 2, ISO 27001 |
| Google Ads | Paid search campaign measurement and remarketing for adult decision-makers (Public Website only, with cookie consent) | United States / Global | SOC 2, ISO 27001 |
Gym Art will update this list at least 30 days before engaging any new sub-processor. Organizers who have signed a Data Processing Agreement will be notified directly of any changes.
For questions about our sub-processors, contact privacy@gymart.org.
View the Organizer Data Processing Agreement.