Back to Trust
Sub-Processor List
Third-Party Sub-Processors
Last updated: April 27, 2026
We use third-party services to operate Tempreon. This page lists all sub-processors — companies that process personal data on our behalf. Each provider is selected for their security posture, and all maintain SOC 2 Type II certification or equivalent.
We will provide at least 30 days advance notice via email before adding new sub-processors that involve a new category of data processing. Changes to providers within the same service category do not constitute a material change.
| Service | Category | Data Processed | Location | Certifications |
|---|---|---|---|---|
| Supabase | Database & Infrastructure | All user data (Core Imprint, Knowledge Vault, Instincts, behavioral signals) | United States (AWS us-east-1) | SOC 2 Type IIHIPAA BAA Available |
| Anthropic | AI Inference | User prompts, knowledge content assembled for context, Core Imprint sections | United States | SOC 2 Type IIISO 27001:2022ISO/IEC 42001:2023 |
| Vercel | Hosting & CDN | Request metadata, server logs, static assets | United States / Global Edge | SOC 2 Type IIISO 27001PCI DSS v4.0 |
| Stripe | Payment Processing | Billing data, payment methods, subscription status | United States / Global | PCI DSS Level 1SOC 2 Type IIISO 27001 |
| Resend | Transactional Email | Email addresses, email content for transactional messages | United States | SOC 2 Type II |
| PostHog | Product Analytics | Usage events, session data, feature interactions (consent-gated) | United States / EU | SOC 2 Type IIHIPAA |
| Sentry | Error Monitoring | Error data, stack traces, minimal user context for debugging | United States | SOC 2 Type IIISO 27001 |
| Cloudflare | Bot & Abuse Mitigation | IP address, browser fingerprint signals, request metadata for Turnstile bot challenges on authentication and support surfaces | Global edge | SOC 2 Type IIISO 27001ISO 27018 |
| Upstash | Rate Limiting | IP address, timestamp, request count for sliding-window rate limits on authentication and support endpoints. Counters expire automatically. | United States (AWS us-east-1) | SOC 2 Type II |
| Google Analytics (GA4) | Web Analytics | Page views, device info, usage data (consent-gated) | United States / Global | SOC 2 Type IIISO 27001 |
| Google Tag Manager | Tag Management | Script delivery mechanism only — no user data stored | United States / Global | SOC 2 Type IIISO 27001 |
Change Log
| Date | Change |
|---|---|
| April 27, 2026 | Added Cloudflare (Bot & Abuse Mitigation) and Upstash (Rate Limiting) following pre-launch security hardening |
| April 6, 2026 | Initial sub-processor list published |
Questions about our sub-processors?
For questions about data processing or sub-processor changes, contact legal@tempreon.com