Skip to content
Postcept
Trust

Sub-processors

To run Postcept we rely on a small set of third-party services. Each one below lists what it processes and where. We keep the list short on purpose, and we give notice before adding a new sub-processor.

Last updated: June 27, 2026

Sub-processorPurposeData processedLocation
Vercel Inc.Website and application hosting, CDNPage requests, IP addresses, request logsUnited States
Render Services, Inc.API hosting and computeVerification requests, application logsUnited States
Supabase Inc.Authentication and primary databaseAccount and organization records, encrypted connector credentialsUnited States
Stripe, Inc.Subscription billing and paymentsBilling contact, subscription and payment metadataUnited States
Functional Software, Inc. (Sentry)Application error monitoringDiagnostic error and performance dataUnited States
Plausible Insights OÜCookieless website analyticsAggregated, anonymized usage, no cookies, no personal dataEuropean Union

Systems of record are yours, not ours

The systems you connect for verification, Stripe, Zendesk, Salesforce, NetSuite, and the rest, are your own services, not Postcept sub-processors. Postcept reads them with the scoped, read-only credentials you provide, which are encrypted at rest and revocable at any time. We only read what a postcondition requires.

Notice of changes

Before a new sub-processor begins processing customer data, we update this page and give 30 days’ notice to customers who have asked to be notified. To subscribe to changes, email security@postcept.com. Our Data Processing Agreement covers how we handle personal data.

Doing a security review?

Our security posture, encryption, and signed-receipt model are documented, and we're happy to answer a questionnaire.