The third parties AZMTH engages to operate the platform, plus the customer-authorized integrations our customers connect to extend it. Per Section 7.4 of our Data Processing Addendum, we update this page at least thirty (30) days before any change takes effect, and we email the affected account owners.
Last updated: 2026-05-01
Each entry below has a written data-protection agreement with AZMTH that mirrors the obligations of our DPA, including confidentiality, security, breach notification, and assistance with Data Subject requests.
Supabase, Inc.
United States · added 2025-09-01
Managed PostgreSQL database, authentication, and object storage hosting the AZMTH application.
Data categories
Anthropic PBC
United States · added 2026-05-01
Claude Haiku model used to generate one-paragraph plain-English fan summaries inside the Fan Intelligence System. Inputs are sanitized to non-PII (city + transaction count + tier; no email, phone, or exact dollar amounts). Anthropic does not train models on AZMTH inputs or outputs (zero-retention API).
Data categories
Vercel, Inc.
United States · added 2025-09-01
Application hosting and edge / serverless compute for the AZMTH web application.
Data categories
Stripe, Inc.
United States · added 2025-09-01
Subscription billing for AZMTH plans + Connect-based payment routing for tip jars, ticketing, fundraisers, recurring memberships, and affiliate payouts.
Data categories
Resend, Inc.
United States · added 2025-09-01
Transactional email delivery (account, billing, booking, contribution, brand-deal, collaborator, and notification messages).
Data categories
Google LLC (Google Cloud Vision API)
United States · added 2026-06-05
Automated content-safety scanning (SafeSearch) of images uploaded to the Service at ingest, to detect explicit or abusive imagery and to support AZMTH's child-safety detection-and-reporting workflow. Images at or above the configured threshold are quarantined for human review.
Data categories
When a customer connects one of these via OAuth, the integration partner becomes a separate processor under the customer's direct control. AZMTH facilitates the connection but does not sub-process via these vendors.
Note on email + SMS: public-profile email and SMS opt-ins flow directly to the customer's connected Klaviyo or Mailchimp list. AZMTH does not store fan email addresses or phone numbers submitted via those forms.
Klaviyo, Inc.
Email + SMS list management and campaign delivery for the customer's fans.
Customer is the controller; Klaviyo is a separate processor that the customer engages directly via OAuth. Public-profile email + SMS opt-ins flow DIRECTLY to the customer's Klaviyo list — AZMTH does not store the contact identifiers.
The Rocket Science Group LLC d/b/a Mailchimp
Email audience management and campaign delivery.
Customer is the controller; Mailchimp is a separate processor. Public-profile email opt-ins flow DIRECTLY to the customer's Mailchimp audience — AZMTH does not store the contact identifiers.
Shopify Inc.
E-commerce order + customer sync.
Customer is the controller of their Shopify store; the customer-authorized OAuth integration lets AZMTH read order + customer data on the customer's behalf for the Fan CRM and merch surfaces.
Spotify AB
Listener metrics + playlist data via Spotify for Artists.
Spotify provides aggregate, non-personal listener metrics on the artist's behalf via authenticated API. No fan-level personal data is exchanged.
Apple Inc.
Apple Music for Artists metrics.
Apple provides aggregate, non-personal listener metrics on the artist's behalf via authenticated API.
Google LLC
YouTube channel + analytics and Search Console metrics via Google APIs (read-only).
Customer is the controller. After the artist connects their Google account via OAuth, AZMTH reads channel/video metadata and YouTube Analytics reports (views, watch time, and audience demographics such as country and age group) on the artist's behalf, and stores the connected Google account email/profile plus derived metrics. Read-only; see Privacy Policy §5B for the Limited Use commitment.
Bandsintown LLC
Public tour-date publishing + RSVP-engagement signals.
Customer is the controller; Bandsintown is a separate processor.
Eventbrite, Inc.
Ticketing + attendee CRM sync.
Customer is the controller; Eventbrite is a separate processor.
Dice FM Ltd.
Ticketing inventory + sale data.
Customer is the controller; DICE is a separate processor.
DocuSign, Inc.
Electronic signature on contracts uploaded to AZMTH.
Customer initiates the signature request via the AZMTH integration; DocuSign is a separate processor for that envelope.
Twitch Interactive, Inc.
Channel + live-stream analytics (followers, viewer counts, recent broadcasts) via the Twitch Helix API.
Customer is the controller of their Twitch channel; Twitch is a separate processor that the customer engages directly via OAuth.
Kick Streaming Pty Ltd
Channel + follower stats via the Kick API.
Customer is the controller of their Kick channel; Kick is a separate processor that the customer engages directly.
Buzzsprout (a Higher Pixels, Inc. service)
Per-episode podcast analytics (downloads, listener locations, player breakdown) via the Buzzsprout API.
Customer is the controller of their podcast hosting account; Buzzsprout is a separate processor that the customer engages directly via API key.
Spotify AB (Spotify for Creators)
Show + episode analytics (listener counts, completion, follower growth) for podcasters distributing through Spotify for Creators.
Customer is the controller of their Spotify for Creators account; data flows via the customer's authenticated session.
Podbean Tech, Inc.
Podcast download stats, listener demographics, and patron data via the Podbean API.
Customer is the controller of their Podbean account; Podbean is a separate processor that the customer engages directly via OAuth.
Transistor LLC
Per-show + per-episode podcast analytics via the Transistor API.
Customer is the controller of their Transistor account; Transistor is a separate processor that the customer engages directly via API key.
Liberated Syndication Inc. (Libsyn)
Episode-level download stats and IAB-compliant podcast metrics via the Libsyn API.
Customer is the controller of their Libsyn account; Libsyn is a separate processor that the customer engages directly via API credentials.
Account owners receive 30-day advance notice of any change via email. To object on data-protection grounds, follow the process described in DPA Section 7.4. Other questions about sub-processors: privacy@azmth.app.