Vendors that process user data on our behalf. We commit to 30 days of advance notice before adding a new subprocessor that has access to user data.
Current subprocessors
| Name | Purpose | Region | Data shared |
|---|---|---|---|
| Stripe | Payment processing | USA | Payment method data, billing address, customer ID, transaction amount. |
| Neon | Database hosting (dev) — replaced by self-hosted Postgres in prod | USA | All app data: account info, audit log, encrypted content envelopes. |
| Resend | Transactional email (verification, password reset, billing alerts) | USA | Email address, message contents. |
| Cloudflare | CDN, edge KV (decryption keys), R2 object storage, Tunnel for VPS | Global edge | Per-user encryption keys (KV), encrypted file blobs (R2), HTTP traffic. |
| OVH | VPS hosting (prod app server) | France / Canada | All app data via runtime processing. |
| Anthropic, OpenAI, OpenRouter, Moonshot | AI inference | USA / global | Prompt content + tool inputs/outputs at runtime. Not retained beyond the call. |
Notification
We notify users of subprocessor changes via the in-app notification center and via email. To opt into email notices, toggle "Product updates" in /account/settings → Notifications.