Legal
Sub-processors
Version 1.0 · Last reviewed 2026-04-24
Note on customer-authorized integrations. Third-party integrations (HubSpot, Gmail, Google Calendar, etc.) are activated only with the Customer's explicit OAuth authorization. These are not sub-processors but rather Customer-controlled destinations.
Current sub-processors
| Provider | Purpose | Location | Safeguards |
|---|---|---|---|
| Vercel Inc. | Hosting and content delivery | USA | SCCs, DPF |
| Supabase Inc. | Database and storage | USA / EU | SCCs, DPF |
| Google LLC (Firebase) | Authentication | USA | SCCs, DPF |
| Google LLC (Workspace) | Business email | USA | SCCs, DPF |
| Anthropic PBC | AI processing | USA | SCCs |
| Resend Inc. | Transactional email delivery | USA | SCCs, DPF |
| Stripe Inc. | Payment processing | USA | SCCs, DPF, PCI-DSS |
| Cloudflare Inc. | DDoS protection and DNS | USA | SCCs, DPF |
Changes
We provide 30 days' notice via email before adding new sub-processors. Customers may object on reasonable grounds.