Subprocessors

Last updated: 2026-04-17

Podley engages the following third-party subprocessors to provide the Service. Subprocessors process user data only as necessary to perform the service described here and are bound by data-processing terms that prohibit use of the data for any other purpose. This list mirrors Privacy Policy §4 and is the source of truth for CASA compliance evidence.

Material changes to this list are announced via in-app notification and email with at least 30 days’ notice before taking effect, per Privacy Policy §13.

Subprocessor	Purpose	Data handled	Location	DPA
Supabase supabase.com	PostgreSQL database hosting, authentication, realtime, and encrypted file storage (customer-uploads bucket).	All operational data - encrypted OAuth tokens, case records, customer photos, user accounts. Row-Level Security scopes every read.	United States (AWS us-east-1)	Executed
Vercel vercel.com	Application hosting and edge functions for the Next.js frontend and API routes.	In-memory during request handling only. Serves API routes that process Gmail content; nothing persisted at the Vercel layer.	United States + global edge	Executed
Anthropic anthropic.com	Claude large-language-model inference for email classification, draft generation, photo analysis, and voice profile synthesis.	Per-request only: parsed customer email body, case context, voice profile. Subject to truncation in audit logs. Anthropic may retain standard API requests for up to 30 days for abuse monitoring; never used to train models or shared with other customers.	United States	Standard commercial terms
Stripe stripe.com	Payment processing, subscription management, and billing portal.	Merchant-account billing: Stripe customer ID, subscription status. Payment instruments stored by Stripe directly - Podley never touches card numbers.	United States	Executed
Sentry sentry.io	Server-side and client-side error monitoring, including session replay for debugging UI errors.	Error events with content-scrubbed context (see SECURITY.md § Error Monitoring). Gmail body fields are never sent - enforced by beforeSend scrubber.	United States	Executed
PostHog posthog.com	Product analytics and feature-flag evaluation.	Feature-usage events (e.g., case_created, case_resolved) with aggregated counts. No Gmail content; no case-level PII.	United States	Standard commercial terms
Resend resend.com	Transactional email delivery for notifications sent BY Podley TO merchants (not customer-facing mail).	Merchant's own email address + notification content (summaries of case activity, billing alerts, account notices).	United States	Executed
Upstash (Redis) upstash.com	Distributed rate-limiting counter store.	IP-address hashes + endpoint identifiers for rate-limit buckets only. No user content.	United States + global edge	Standard commercial terms
Google (Gmail API, Pub/Sub, OAuth) cloud.google.com	Source of truth for the Gmail integration. Merchants grant OAuth access; Pub/Sub delivers real-time change notifications; OAuth verifies tokens.	Gmail messages read via API; outbound messages sent via API. Google is upstream - data originates with the merchant + their customers.	Global (Google infrastructure)	Standard commercial terms
Shopify (Admin API, Webhooks) shopify.com	Reads order + customer data per case to contextualize replies. Receives mandatory GDPR webhooks for data deletion requests.	Per-case read: order, customer name/email, fulfillment status, tracking, line items. Write access is scoped to the support actions you configure (refunds, cancellations, address edits, discounts).	Global (Shopify infrastructure)	Standard commercial terms
Print-on-Demand providers (Printify, Printful, Gooten, Gelato)	Merchant-provided API keys to fetch fulfillment status and tracking. Needed to answer "where is my order" style cases.	Order fulfillment status, tracking numbers, print quality claim data.	Varies by provider	Standard commercial terms

Requesting a formal DPA

Enterprise and compliance-focused merchants may request a Data Processing Agreement (DPA) that covers Podley’s obligations as a data processor under GDPR/CCPA. Contact privacy@podley.app.

Subprocessors

Last updated: 2026-04-17

Material changes to this list are announced via in-app notification and email with at least 30 days’ notice before taking effect, per Privacy Policy §13.

Subprocessor	Purpose	Data handled	Location	DPA
Supabase supabase.com	PostgreSQL database hosting, authentication, realtime, and encrypted file storage (customer-uploads bucket).	All operational data - encrypted OAuth tokens, case records, customer photos, user accounts. Row-Level Security scopes every read.	United States (AWS us-east-1)	Executed
Vercel vercel.com	Application hosting and edge functions for the Next.js frontend and API routes.	In-memory during request handling only. Serves API routes that process Gmail content; nothing persisted at the Vercel layer.	United States + global edge	Executed
Anthropic anthropic.com	Claude large-language-model inference for email classification, draft generation, photo analysis, and voice profile synthesis.	Per-request only: parsed customer email body, case context, voice profile. Subject to truncation in audit logs. Anthropic may retain standard API requests for up to 30 days for abuse monitoring; never used to train models or shared with other customers.	United States	Standard commercial terms
Stripe stripe.com	Payment processing, subscription management, and billing portal.	Merchant-account billing: Stripe customer ID, subscription status. Payment instruments stored by Stripe directly - Podley never touches card numbers.	United States	Executed
Sentry sentry.io	Server-side and client-side error monitoring, including session replay for debugging UI errors.	Error events with content-scrubbed context (see SECURITY.md § Error Monitoring). Gmail body fields are never sent - enforced by beforeSend scrubber.	United States	Executed
PostHog posthog.com	Product analytics and feature-flag evaluation.	Feature-usage events (e.g., case_created, case_resolved) with aggregated counts. No Gmail content; no case-level PII.	United States	Standard commercial terms
Resend resend.com	Transactional email delivery for notifications sent BY Podley TO merchants (not customer-facing mail).	Merchant's own email address + notification content (summaries of case activity, billing alerts, account notices).	United States	Executed
Upstash (Redis) upstash.com	Distributed rate-limiting counter store.	IP-address hashes + endpoint identifiers for rate-limit buckets only. No user content.	United States + global edge	Standard commercial terms
Google (Gmail API, Pub/Sub, OAuth) cloud.google.com	Source of truth for the Gmail integration. Merchants grant OAuth access; Pub/Sub delivers real-time change notifications; OAuth verifies tokens.	Gmail messages read via API; outbound messages sent via API. Google is upstream - data originates with the merchant + their customers.	Global (Google infrastructure)	Standard commercial terms
Shopify (Admin API, Webhooks) shopify.com	Reads order + customer data per case to contextualize replies. Receives mandatory GDPR webhooks for data deletion requests.	Per-case read: order, customer name/email, fulfillment status, tracking, line items. Write access is scoped to the support actions you configure (refunds, cancellations, address edits, discounts).	Global (Shopify infrastructure)	Standard commercial terms
Print-on-Demand providers (Printify, Printful, Gooten, Gelato)	Merchant-provided API keys to fetch fulfillment status and tracking. Needed to answer "where is my order" style cases.	Order fulfillment status, tracking numbers, print quality claim data.	Varies by provider	Standard commercial terms

Requesting a formal DPA

Enterprise and compliance-focused merchants may request a Data Processing Agreement (DPA) that covers Podley’s obligations as a data processor under GDPR/CCPA. Contact privacy@podley.app.