Last updated: May 2026
Subprocessors
We rely on processors to operate Trade-OS. They receive only what is needed for their documented role under our vendor agreements (processor terms / DPA equivalents as supplied by each provider). Listed “active when configured” vendors do not ingest personal data operationally unless the referenced environment variables or keys are actually set on that deployment.
Supabase
- Purpose
- Managed PostgreSQL, authentication, object storage, edge tasks.
- Data categories (summary)
- Account identifiers, transactional business rows you enter, session tokens, file uploads you attach to workflows.
- Status
- Always on for standard live deployments (London/EU-aligned as configured).
- DPA / processor terms
- ✅ Controller–processor agreement in place (Supabase contractual package).
Vercel
- Purpose
- Hosting, CDN, Git-backed builds, Node/Edge runtime for Next.js routes.
- Data categories (summary)
- Request/response artefacts for pages and APIs — same classes as surfaced in the web application and server logs operating on Vercel.
- Status
- Always on for deployments using Vercel.
- DPA / processor terms
- ✅ Vercel data processing terms / DPA accepted.
PostHog
- Purpose
- Product safety, reliability, usage patterns, error/flow diagnostics, and proportionate AI-operation monitoring — via explicit browser opt-in and strictly typed events (no raw quote text, prompts, uploads, or contact fields).
- Data categories (summary)
- Pseudonymous PostHog identifiers in localStorage, coarse event metadata (feature keys, route groups, boolean flags, counts, non-sensitive status labels).
- Status
- Active capability where
NEXT_PUBLIC_POSTHOG_KEYis set; SDK still initialises only after the subscriber selects “Allow product safety & analytics” on that browser. - DPA / processor terms
- ✅ PostHog's standard controller–processor terms accepted for cloud use.
Anthropic
- Purpose
- AI model inference for assistive features (for example quoting/estimation and internal catalogue tooling) where the codebase routes requests through Anthropic-compatible APIs or SDKs on our backend.
- Data categories (summary)
- Prompt-sized inputs from authenticated routes (for example job text a subscriber deliberately submits, catalogue chunks). Structured customer contact fields are excluded from prompt assembly by design; only free-text a subscriber chooses to include is processed. Prompts and completions are retained under our operational policies, not in client analytics.
- Status
- Active when invoked by features you use that call upstream Anthropic-hosted models — not dormant if those paths are live.
- DPA / processor terms
- ✅ Processor terms covering API use accepted.
Resend
- Purpose
- Operational transactional mail (including support notifications).
- Data categories (summary)
- Envelope recipients, subject lines, plaintext/HTML bodies we construct for notices.
- Status
- Active when configured — requires
RESEND_API_KEY,EMAIL_FROM, routing such asSUPPORT_NOTIFY_EMAILdepending on pathway. - DPA / processor terms
- ✅ Processor terms covering email API accepted.
Stripe
- Purpose
- Subscriptions, Checkout, Billing Portal links, webhook handling.
- Data categories (summary)
- Billing artefacts Stripe processes (payments metadata, Tax/VAT tooling as enabled).
- Status
- Active when configured — Stripe secret & publishable keys supplied for the deployment.
- DPA / processor terms
- ✅ Stripe data processing agreement / SaaS processor terms accepted.
Not live in product paths today
Auxiliary CRM tooling, outbound marketing automation, customer data warehouses, and similar processors are not wired into runtime flows until they earn a deliberate entry here.
Changes
Material processor additions or substitutions — particularly for database, auth, or AI inference — surface on this page and align with notices in our Privacy Policy when practical.