Subprocessors
The third-party processors that handle SuperPost customer data, what they do, and where they sit.
Last updated
⟩ Infrastructure
Fly.io — application compute host running every backend service. Region: United States (iad). Transfer: SCCs.
Neon — managed Postgres; the primary application database holding workspace data at rest. Region: aws-us-east-1. Transfer: SCCs.
Cloudflare — CDN, WAF, R2 object storage, Workers, Pages. Region: global edge. Transfer: SCCs.
Temporal Technologies (Temporal Cloud) — durable workflow orchestration for publishing, rendering, and scheduling. Region: United States. Transfer: SCCs.
Amazon Web Services (AWS) — residual infrastructure only: the self-hosted Redpanda (Kafka) event bus, AWS Backup, and AWS Secrets Manager. Region: us-east-1. Transfer: SCCs.
⟩ Authentication and identity
Clerk — authentication, session management, MFA (TOTP). Region: United States. Transfer: SCCs. TOTP secrets and backup codes never traverse our infrastructure.
GitHub (Microsoft) — OAuth identity provider and customer-directed repo data source. Region: United States. Transfer: customer-directed via OAuth scopes.
⟩ AI / model providers
Anthropic — Claude models for content generation. Region: United States. Transfer: SCCs. Zero-retention API tier — prompts and outputs are not retained for training.
ElevenLabs — voice synthesis (outbound variants + the internal voice-drift critic), each behind its own opt-in consent. Region: United States. Transfer: SCCs.
Modal Labs — GPU lip-sync video rendering; receives synthesized cloned-voice audio and a face image, gated by the same voice-clone consent as ElevenLabs. Region: United States. Transfer: SCCs.
fal.ai — generative image inference (Flux / SDXL) for post visuals when no screenshot asset exists. Region: United States. Transfer: SCCs. Only prompt text and generated images transit — no identifiers, no voice.
Voyage AI — text embeddings for the per-workspace winner/loser critic classifier. Region: United States. Transfer: SCCs. Only post body text leaves our infrastructure — no identifiers, no voice biometrics.
⟩ Payments
Stripe — billing, subscription management, tax compliance. Region: United States + EU. Transfer: SCCs. Card data never touches our infrastructure (Stripe-hosted Checkout).
Resend — transactional email (DSAR download links, billing receipts, notifications). Region: United States. Transfer: SCCs.
⟩ Analytics and monitoring
PostHog — product analytics (EU Cloud). Region: Frankfurt, EU. Transfer: local (EU residency); identifiers hashed pre-ingest where feasible.
Sentry — error tracking and performance monitoring. Region: United States + EU (project-level). Transfer: SCCs. PII scrubbing applied at the SDK layer.
⟩ Consent and e-signature
Cookiebot (Cybot) — cookie consent management. Region: Denmark, EU. Transfer: local.
Dropbox Sign (formerly HelloSign) — e-signature for the DPA and custom contracts. Region: United States. Transfer: SCCs. Engaged only when a customer signs a DPA or order form.
⟩ Notification of changes
We notify customers at least 30 days in advance of adding or replacing any subprocessor, via the RSS feed at /legal/subprocessors.rss and to legal-updates@superpost.io. Customers may object in writing during that window per the DPA.