Trust & Compliance

Subprocessors

Last updated: June 17, 2026

A complete list of third-party services that may process customer data on OMW's behalf, what they do for us, and links to their data-protection agreements.

1. What this page is for

To deliver OMW we rely on a small set of third-party services ("subprocessors") that may process customer data on our behalf. This page lists every one of them, what they do for us, what data they touch, and where to find their data-protection terms. We commit to keeping this list current and to updating this page within 30 days of any subprocessor change.

If you are a school district, bus operator, camp, or other institutional customer evaluating OMW, you can send this URL to your privacy or technology team as part of your vendor review.

2. Subprocessor list

Service Purpose Data categories Region DPA
Supabase
Supabase Inc.
Primary database, authentication, file storage, realtime updates, serverless edge functions All user account data; route & trip records; precise location pings during an active trip; chat messages; push tokens United States (AWS us-east-1) supabase.com/legal/dpa
Twilio
Twilio Inc.
SMS delivery for sign-in OTP codes and trip notifications Mobile phone numbers; SMS message bodies United States twilio.com/legal/data-protection-addendum
Google Maps Platform
Google LLC
Map rendering inside the app, geocoding (address ↔ coords), driving directions and ETAs Latitude/longitude coordinates; addresses entered for stops & destinations United States / Global cloud.google.com/terms/data-processing-addendum
Resend
Resend Inc.
Email delivery for kid notification emails when a parent prefers email over SMS Email addresses; notification message bodies United States resend.com/legal/dpa
Apple Push Notification service (APNs)
Apple Inc.
iOS push notification delivery iOS device push tokens; notification payloads United States / Global apple.com/legal/internet-services/itunes/dev/stdeula
Firebase Cloud Messaging
Google LLC
Android push notification delivery Android device push tokens; notification payloads United States / Global firebase.google.com/terms/data-processing-terms
Expo (EAS + Expo Push)
650 Industries, Inc.
App build & release infrastructure; push notification relay to APNs and FCM Device push tokens; notification payloads (transient) United States expo.dev/legal/dpa
Sentry
Functional Software, Inc.
Crash reporting and diagnostic telemetry from the mobile apps Anonymous device identifier; OS version; app version; stack traces; sanitized error breadcrumbs United States sentry.io/legal/dpa
OpenStreetMap tile servers
OpenStreetMap Foundation
Map tile rendering on the public web tracker (imonmyway.app/t/<trip>) Visitor IP address (logged by tile servers when they fetch tiles); requested map area United Kingdom / Global CDN Public service; see OSMF tile usage policy

3. Scope notes

4. Sub-subprocessors

OMW does not directly authorize or audit sub-subprocessors used by the services above (for example, the cloud infrastructure providers each subprocessor relies on). The subprocessors listed above are themselves responsible for the sub-subprocessors they engage; each provider's DPA, linked above, governs that relationship.

5. Notifying customers of changes

We commit to updating this page within 30 days of adding, removing, or replacing a subprocessor that processes customer data. Institutional customers with a signed Data Processing Agreement may additionally request advance email notice of material subprocessor changes; arrange this via your standing point of contact at OMW.

6. Questions

Privacy, compliance, or vendor-review questions:

Email: privacy@imonmyway.app

Mail: Jetson 1101 LLC, 57 S. Main St., Suite 316, Neptune, NJ 07753, USA