The complete current list of third-party service providers used by Aika Lab to deliver our Services, including what data is shared with each, where it is processed, and what safeguards apply.
Last updated: April 18, 2026Reviewed: Quarterly, or upon any changeAuthority: Aika Lab (AI Player in Gothenburg, org. nr. 571121-3230)
This page is the authoritative source for our list of third-party service providers, as referenced in Section 6 of our Privacy Policy. We maintain this page so that you always have access to the current state of our data processing relationships, even if our Privacy Policy is between updates.
Each provider listed below has signed a Data Processing Agreement (DPA) with Aika Lab consistent with the requirements of GDPR Article 28, where applicable. Providers process your personal data only on our documented instructions and are bound by appropriate confidentiality and security obligations.
Yes — Google Sign-In is one of two registration methods. You may choose phone-number registration instead, in which case Google receives no data from us.
Stripe
Payments — Web Store
Purpose
Processing payments for physical accessories (such as compatible BCI hardware) purchased through our website at aikalab.se/market
Data shared
Transaction details, billing address, shipping address, email address. We do not see or store your card numbers — Stripe handles all card data directly.
Provider entity
Stripe Payments Europe Limited (Ireland) for EU customers; Stripe, Inc. (USA) for backend processing
Transfer safeguard
EU-U.S. Data Privacy Framework; Stripe's Data Processing Agreement
Software Development Kit (SDK) for Bluetooth communication with compatible Flexolink EEG devices (e.g., FLEX-BM05BF)
Data shared
Bluetooth device pairing data is exchanged locally on your device. EEG signal data is processed on-device and uploaded only to Aika Lab's own servers (Google Cloud Platform), not to Flexolink's servers. Flexolink does not receive your EEG data.
Provider entity
Flexolink AI (China)
Transfer safeguard
N/A — no personal data is transmitted to Flexolink. The SDK runs locally on your device.
Important note
Because the SDK is software running on your device, it has access to your EEG signal stream. We have audited the SDK's network behavior to confirm that EEG data is not transmitted to Flexolink. We will continue to monitor this in future SDK versions.
Our Operating Principles
Minimum necessary providers
We use the smallest number of third-party providers necessary to deliver our Services reliably and securely. Each addition to this list is a deliberate decision, not a default.
EEG data does not leave our systems
Your EEG data is processed by our own systems (Google Cloud Platform, under our control). We do not share EEG data with third parties for advertising, profiling, insurance, employment, or any other secondary purpose.
Payment data isolation
The current version of Sleep Tuning is free to use and does not involve in-App payment processing. For physical accessory sales via our website store, all payment processing is handled by Stripe (PCI-DSS compliant); we never see card numbers or bank details.
Authentication choice
You may register and sign in using either a phone number (no third-party involved) or Google Sign-In (data flows to Google). The choice is yours.
Update policy
When we add, change, or remove a service provider, we update this page within 7 days of the change taking effect. For material changes (e.g., adding a provider that processes new categories of data), we also update our Privacy Policy and notify users where required by law.
Questions
If you have questions about any provider listed here, or wish to exercise your rights regarding data processed by them, please contact us at hello@aikalab.se. We will respond within 30 days as required by GDPR Article 12.
