Sub-processors

OLM relies on the following third-party services to operate the platform. Each has been reviewed for security and privacy practices and has signed (or accepts) a Data Processing Agreement governing how they handle your data.

We notify customers of new sub-processors at least 14 days in advance. If you object, you can terminate the agreement under your DPA. Contact privacy@trainolm.com to subscribe to change notifications.

ServicePurposeDataRegion
Amazon Web Services (AWS)Cloud infrastructure: SES (transactional + broadcast email), SNS (SMS, webhook routing), S3 (logos, signatures, signed PDFs), End User Messaging SMS.
  • Email addresses
  • Phone numbers
  • Message content
  • Uploaded files (logos, signatures)
United States (us-east-1, us-west-2)
ClerkAuthentication and user identity (sign-in, sessions, OAuth).
  • Email addresses
  • Names
  • Profile photos
  • OAuth tokens
United States
StripePayments and Stripe Connect (membership billing, drop-ins, seminars, payouts to gyms).
  • Names
  • Email addresses
  • Billing addresses
  • Last-4 of payment cards
  • Bank account references (gyms only)
United States
VercelWeb hosting, edge network, serverless function execution.
  • Request logs
  • IP addresses (transient)
United States (and edge locations globally)
NeonManaged PostgreSQL database (production data).
  • All structured user / org / activity data
United States
UpstashRedis for rate limiting, webhook deduplication, transient bounce counters.
  • IP addresses (transient)
  • Hashed token identifiers
  • Email addresses (counter keys, 7d TTL)
Configurable (we use US regions)
ResendBackup transactional email delivery (when SES is unavailable).
  • Email addresses
  • Message content
United States
SendGrid (Twilio)Marketing email campaigns (lead nurture, demo follow-ups). Not used for org-to-member messaging.
  • Email addresses
  • Marketing message content
United States

Last updated: May 29, 2026. OLM, Inc.