Sub-processors
This page lists the third-party sub-processors that PrivacyForge engages to help deliver the Service, as referenced in our Data Processing Agreement. We remain responsible to you for any processing carried out by these sub-processors.
How we notify you of changes
- We give at least 30 days' notice before adding or replacing a sub-processor.
- Notice is given by updating this page and, where you have subscribed, by email.
- You may object on reasonable data-protection grounds within the notice period.
- To subscribe to change notifications, email hello@privacyforge.io.
Current sub-processors
Supabase
Supabase, Inc.- Purpose
- Managed Postgres database, authentication and file storage — core platform infrastructure
- Personal data
- All personal data the Customer stores in the Service (account data, consent records, DSAR contents, uploaded data)
- Processing location
- EU region
- Transfer mechanism
- EU SCCs + UK IDTA where applicable
Stripe
Stripe Payments Europe, Ltd. / Stripe, Inc.- Purpose
- Subscription billing, payment processing and fraud prevention
- Personal data
- Billing contact details and transaction metadata. Card details are handled directly by Stripe and are not stored by PrivacyForge
- Processing location
- Ireland (EU) & United States
- Transfer mechanism
- EU SCCs + UK IDTA
Vercel
Vercel, Inc.- Purpose
- Application hosting, serverless/edge compute and content delivery
- Personal data
- Data in transit, request/route data, server logs and diagnostic data
- Processing location
- United States / global edge network
- Transfer mechanism
- EU SCCs + UK IDTA
Resend
Resend, Inc.- Purpose
- Transactional and notification email delivery
- Personal data
- Recipient name, email address and email content
- Processing location
- United States
- Transfer mechanism
- EU SCCs + UK IDTA
Sentry
Functional Software, Inc.- Purpose
- Application error and performance monitoring
- Personal data
- Technical diagnostic data; limited personal data may appear incidentally in error context
- Processing location
- United States
- Transfer mechanism
- EU SCCs + UK IDTA
Upstash
Upstash, Inc.- Purpose
- Redis-based rate limiting and ephemeral caching
- Personal data
- IP addresses and request identifiers used for rate limiting and abuse prevention
- Processing location
- EU region
- Transfer mechanism
- EU SCCs + UK IDTA
Website analytics & marketing providers
The sub-processors above support the operation of the application itself. Third-party providers used on our public website for analytics and marketing (such as Google Analytics, Microsoft Clarity and the LinkedIn Insight Tag) are described, with their data practices and durations, in our Cookie Policy. Those tools run only with your consent where consent is required.
Questions
For questions about our sub-processors, to subscribe to change notifications, or to raise an objection, contact hello@privacyforge.io. See also our Data Processing Agreement and Privacy Policy.
Last updated: June 24, 2026 | Version: 1.0