Trust
Sub-processors
To run Postcept we rely on a small set of third-party services. Each one below lists what it processes and where. We keep the list short on purpose, and we give notice before adding a new sub-processor.
Last updated: June 27, 2026
| Sub-processor | Purpose | Data processed | Location |
|---|---|---|---|
| Vercel Inc. | Website and application hosting, CDN | Page requests, IP addresses, request logs | United States |
| Render Services, Inc. | API hosting and compute | Verification requests, application logs | United States |
| Supabase Inc. | Authentication and primary database | Account and organization records, encrypted connector credentials | United States |
| Stripe, Inc. | Subscription billing and payments | Billing contact, subscription and payment metadata | United States |
| Functional Software, Inc. (Sentry) | Application error monitoring | Diagnostic error and performance data | United States |
| Plausible Insights OÜ | Cookieless website analytics | Aggregated, anonymized usage, no cookies, no personal data | European Union |
Systems of record are yours, not ours
The systems you connect for verification, Stripe, Zendesk, Salesforce, NetSuite, and the rest, are your own services, not Postcept sub-processors. Postcept reads them with the scoped, read-only credentials you provide, which are encrypted at rest and revocable at any time. We only read what a postcondition requires.
Notice of changes
Before a new sub-processor begins processing customer data, we update this page and give 30 days’ notice to customers who have asked to be notified. To subscribe to changes, email security@postcept.com. Our Data Processing Agreement covers how we handle personal data.
Doing a security review?
Our security posture, encryption, and signed-receipt model are documented, and we're happy to answer a questionnaire.