Sub-Processors
Third-party service providers that process your data when you use our platform.
Posted: April 1, 2026
A sub-processor is a third-party data processor engaged by Provider, including entities from within Provider, who has access to or processes customer content containing personal information. Provider uses sub-processors to assist it in providing the software services as described in the Terms of Service (the "Agreements"). Defined terms used herein shall have the same meaning as defined in the respective Agreement.
Due Diligence
Provider evaluates the security, privacy and confidentiality practices of proposed sub-processors that will or may have access to or otherwise process customer content and enters into Data Protection Agreements with each such sub-processor. Provider provides notice of new sub-processors via this advisory, with updates to the list of sub-processors that are utilized. Provider undertakes to keep this list updated regularly.
Contractual Safeguards
This advisory does not give customers any additional rights or remedies and should not be construed as a binding agreement. The information herein is only provided to illustrate Provider's engagement process for sub-processors as well as to provide the actual list of third-party sub-processors used by Provider as of the date of this advisory (which Provider may use in the delivery and support of its software services).
Current Sub-Processors
The following is a list of our current sub-processors, including their names, locations, and the services they provide:
| # | Sub-Processor | Service / Purpose | Typical personal-data elements | Processing location |
|---|---|---|---|---|
| 1 | Supabase Inc. | Database and object storage | Workspace data, documents, uploaded files, application records | USA |
| 2 | Railway Corp. | Application hosting and compute infrastructure | Application traffic, request metadata, server logs | USA |
| 3 | Stripe, Inc. | Payment processing and subscription billing | Name, email, billing address, tokenized payment credentials, transaction history | USA |
| 4 | Amazon Web Services, Inc. | Key management and encryption | Encryption keys and ciphertext | USA |
| 5 | Google LLC | LLM inference | User prompts, documents, and generated output that may contain personal data | USA |
| 6 | OpenAI OpCo, LLC | LLM inference | User prompts, documents, and generated output that may contain personal data | USA |
| 7 | Perplexity AI, Inc. | LLM inference | User prompts, documents, and generated output that may contain personal data | USA |
| 8 | Upstash Inc. | Serverless cache and rate limiting | IP addresses, request counters, session metadata | USA |
| 9 | Functional Software, Inc. (Sentry) | Error tracking and performance monitoring | Error stack traces, anonymized user identifiers, request breadcrumbs | USA |
| 10 | Resend, Inc. | Email processing | Email addresses, message bodies, headers, file attachments | USA |
| 11 | Okta, Inc. | Identity and single sign-on | User email, profile attributes, OAuth tokens | USA |
| 12 | Microsoft Corp. | Chat integration and identity services | Chat messages, conversation metadata, user directory profiles | USA |
| 13 | Slack Technologies, LLC | Chat integration | Messages, channel metadata, user identifiers | USA |
| 14 | Composio, Inc. | Third-party application connectors | OAuth tokens and account metadata for connected services | USA |
Data Security and Processing Locations
All our sub-processors are required to maintain appropriate security measures to protect your data. They are contractually bound to process your data only in accordance with our instructions and applicable data protection laws.
While we primarily store and process data in the United States, some of our sub-processors may transfer data internationally. In such cases, we ensure that appropriate safeguards are in place to protect your data, such as Standard Contractual Clauses approved by the European Commission.
Compliance with Privacy Laws
Our agreements with sub-processors require them to comply with applicable privacy and data protection laws, including:
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- Other applicable U.S. state privacy laws
Contact Information
If you have any questions or concerns about our sub-processors or how we handle your data, please contact our Data Protection Officer at:
White Shoe AI
Email: [email protected]