Sub-processors
v2026-05-27
| Role | Certifications | |||
|---|---|---|---|---|
| Cloudflare, Inc. | CDN / edge compute (Workers) / object storage (R2) / KV / Durable Objects / D1 / Pages / Email Routing | Global (anycast) with regional pinning where configured | ISO 27001, SOC 2 Type II, ISO 27018, PCI DSS Level 1, EU–US DPF | Feb 12, 2026 |
| Clerk, Inc. | Authentication, SSO, MFA — stores email, name, password hash, session tokens | United States (us-east-1) | SOC 2 Type II, GDPR, CCPA, EU–US DPF | Jan 30, 2026 |
| Stripe, Inc. | Payment processing and subscription billing — stores billing email + payment-method tokens | United States; EU customers processed by Stripe Payments Europe Ltd. (Ireland) | PCI DSS Level 1, SOC 2 Type II, ISO 27001, EU–US DPF | Mar 4, 2026 |
| Resend | Transactional email (account verification, newsletters, sub-processor notices) + Audience for newsletter opt-in list | United States | SOC 2 Type II (in progress per Resend docs) | May 27, 2026 |
| Sentry (Functional Software, Inc.) | Application error monitoring — stores error events with PII fields scrubbed by config | United States (Sentry SaaS Cloud) | SOC 2 Type II, GDPR | May 27, 2026 |
| Plausible Analytics | Privacy-first web analytics for public docs site — cookieless, no PII collected | European Union (Germany) | GDPR (cookieless by design, no personal data collected) | May 27, 2026 |
| Better Stack, Inc. (Better Uptime) | Public status page — displays operational status; no customer personal data processed | European Union | GDPR | May 27, 2026 |
| GitHub, Inc. (Microsoft) | Source code hosting, CI pipeline, release artifact publishing | United States | SOC 2 Type II, ISO 27001, GDPR, EU–US DPF | May 27, 2026 |