Documentation Index
Fetch the complete documentation index at: https://docs.bowerlabs.ai/llms.txt
Use this file to discover all available pages before exploring further.
Bower uses the following third-party services (“sub-processors”) to operate the platform. Each processes data on our behalf under a Data Processing Agreement (DPA).
We will update this page whenever we add or remove a sub-processor.
Infrastructure & hosting
| Service | Purpose | Data processed | Location |
|---|
| Google Cloud Platform | Infrastructure, database, file storage, async job processing | All user data, files, database records | US (us-central1) |
| Firebase Authentication | User authentication (email/password, Google OAuth) | Email addresses, authentication tokens | US |
| Cloudflare Turnstile | Bot protection during sign-up | IP addresses, browser fingerprint data | Global (edge) |
AI processing
When you use AI features (Bird chat, voice transcription, photo text extraction, document processing), your content is sent to one of these providers for inference. Your data is not used to train AI models.
| Service | Purpose | Data processed | Location |
|---|
| Google AI (Gemini, Vertex AI) | AI chat (Bird), live voice/video mode, OCR/image text extraction, text embeddings, semantic memory | Text, images, audio, video streams | US |
| Google Cloud Speech-to-Text | Voice note transcription | Audio recordings | US |
| Anthropic | AI chat (Bird), agent tasks | Text, chat messages | US |
Payment processing
| Service | Purpose | Data processed | Location |
|---|
| Stripe Payments Australia Pty Ltd (DPA) | Subscription billing, payment processing, customer portal, tax calculation | Billing email, payment method tokens, transaction amounts, tax jurisdiction, subscription metadata | US (processed globally per the Stripe DPA) |
cus_…, sub_…) and transaction amounts. Stripe is PCI-DSS Level 1 certified; Bower’s integration is PCI SAQ-A (the lowest-scope form).
The Stripe Data Processing Agreement applies automatically to our use of the service under Australian, EU (GDPR), and UK (UK-GDPR) data-protection law — no manual signature required; acceptance is deemed by use of the Stripe platform.
Analytics & observability
| Service | Purpose | Data processed | Location |
|---|
| PostHog | Product analytics, feature flags (requires cookie consent) | Usage events, feature flag evaluations — no research content | US/EU |
| Langfuse | AI response quality monitoring | LLM request/response traces, token counts | EU/US |
Data residency
All primary data (database, files, backups) is stored in Google Cloud’s us-central1 region (Iowa, USA). AI processing may occur in the provider’s default region as listed above.
Changes to this list
We review our sub-processor list quarterly. If we add a new sub-processor that processes personal data, we will update this page. Material changes will be communicated via email to workspace owners.
Last reviewed: 20 April 2026
Questions
Contact our Data Protection Officer at privacy@bowerlabs.ai.
