Sub-processors

Effective: July 24, 2026
Version 1.0

This page lists the third-party sub-processors that PrivacyForge engages to help deliver the Service, as referenced in our Data Processing Agreement. We remain responsible to you for any processing carried out by these sub-processors.

How we notify you of changes

  • We give at least  30 days' notice before adding or replacing a sub-processor.
  • Notice is given by updating this page and, where you have subscribed, by email.
  • You may object on reasonable data-protection grounds within the notice period.
  • To subscribe to change notifications, email hello@privacyforge.io.

Current sub-processors

Supabase

Supabase, Inc.
Purpose
Managed Postgres database, authentication and file storage — core platform infrastructure
Personal data
All personal data the Customer stores in the Service (account data, consent records, DSAR contents, uploaded data)
Processing location
EU region
Transfer mechanism
EU SCCs + UK IDTA where applicable

Stripe

Stripe Payments Europe, Ltd. / Stripe, Inc.
Purpose
Subscription billing, payment processing and fraud prevention
Personal data
Billing contact details and transaction metadata. Card details are handled directly by Stripe and are not stored by PrivacyForge
Processing location
Ireland (EU) & United States
Transfer mechanism
EU SCCs + UK IDTA

Vercel

Vercel, Inc.
Purpose
Application hosting, serverless/edge compute and content delivery
Personal data
Data in transit, request/route data, server logs and diagnostic data
Processing location
United States / global edge network
Transfer mechanism
EU SCCs + UK IDTA

Resend

Resend, Inc.
Purpose
Transactional and notification email delivery
Personal data
Recipient name, email address and email content
Processing location
United States
Transfer mechanism
EU SCCs + UK IDTA

Sentry

Functional Software, Inc.
Purpose
Application error and performance monitoring
Personal data
Technical diagnostic data; limited personal data may appear incidentally in error context
Processing location
United States
Transfer mechanism
EU SCCs + UK IDTA

Upstash

Upstash, Inc.
Purpose
Redis-based rate limiting and ephemeral caching
Personal data
IP addresses and request identifiers used for rate limiting and abuse prevention
Processing location
EU region
Transfer mechanism
EU SCCs + UK IDTA

Website analytics & marketing providers

The sub-processors above support the operation of the application itself. Third-party providers used on our public website for analytics and marketing (such as Google Analytics, Microsoft Clarity and the LinkedIn Insight Tag) are described, with their data practices and durations, in our Cookie Policy. Those tools run only with your consent where consent is required.

Questions

For questions about our sub-processors, to subscribe to change notifications, or to raise an objection, contact hello@privacyforge.io. See also our Data Processing Agreement and Privacy Policy.

Last updated: June 24, 2026 | Version: 1.0