Subprocessors
Last updated May 31, 2026
Userplay engages a small set of trusted subprocessors to operate the platform. Each subprocessor has a Data Processing Addendum on file and is reviewed at onboarding and annually thereafter.
All production data processed by Userplay is hosted in the United States. Userplay does not currently offer regional data residency. If your organization requires a specific region, contact sales@userplay.io.
Active Subprocessors
| Subprocessor | Purpose | Data handled | Region |
|---|---|---|---|
| Render | Application hosting and backend compute | Workspace data, recording metadata, transcripts, AI analysis output, audit logs | United States |
| Vercel | Frontend hosting and CDN | Web application delivery; no customer recording data | United States / Global edge (delivery only) |
| Cloudflare | DDoS protection, WAF, and edge delivery | Traffic logs (30-day retention); TLS termination; no recording content | Global edge (delivery only); canonical copy in US |
| Mux | Video storage and streaming | Raw session recordings (screen video, audio, optional webcam) | United States |
| OpenAI | Audio transcription (AI processing, opt-out available) | Audio segments extracted from recordings; pseudonymous — no workspace identifiers sent | United States |
| Google Gemini | Video analysis (AI processing, opt-out available) | Video frames and transcript text; pseudonymous — no workspace identifiers sent | United States |
Notes on AI Subprocessors
OpenAI and Gemini are used only when AI processing is enabled for the workspace or playtest. Studios can opt out of AI processing entirely — when opted out, no audio or video is sent to either subprocessor. See AI Processing.
Under Userplay’s agreements with both OpenAI and Google:
- Submissions are not used to train their models.
- Operational retention is bounded by each provider’s published terms for the API tier in use.
Change Notifications
Userplay notifies customers of additions, removals, or material changes to this list at least 30 days in advance via email to workspace owners and an update to this page.
Customers who object in writing to a newly added subprocessor within the 30-day window may contact privacy@userplay.io. Userplay will work with the customer to find a workable resolution, which may include excluding the customer’s data from that subprocessor where technically feasible.
Subprocessor Security Posture
Each subprocessor in the active list holds SOC 2 Type II or equivalent attestations and published security documentation. Attestation reports are available on request to enterprise customers under NDA — contact security@userplay.io.