Current subprocessors
| Subprocessor | Purpose | Region | Data accessed |
|---|---|---|---|
| Supabase | Managed Postgres database | US-West (Phase 1: Toronto, Canada) | All structured tenant data |
| Stripe | Payment processing via Stripe Connect | Global | Payment method tokens, transaction metadata |
| Cloudflare | CDN + edge security | Global | Cached static assets, request metadata |
| Cloudflare R2 | File storage (S3-compatible) | US | Member uploads, logos, branded assets |
| Resend | Transactional email | EU + US | Recipient email addresses, message content |
| Sentry | Error monitoring | US | Application errors (no PII in payloads) |
| Better Stack | Uptime + status monitoring | EU | URL health checks (no tenant data) |
| Anthropic | AI features (renewal drafts, lapse detection, CSV cleanup) | US | Tenant data passed to Claude API. Opt-out available per tenant. |
Notification policy
Sembr provides 30 days notice before adding or changing a subprocessor. Customers can subscribe to changes using the contact link in the footer with the subject line "subprocessor updates."
What we don't do
- No data sold or shared with advertising platforms. We have no ads, no tracking pixels, no data brokers.
- No SaaS analytics that ship PII. No Mixpanel, Amplitude, FullStory, etc.
- No data warehouses fed from production. Internal analytics use anonymized aggregates only.
The full policy
We are drafting the full subprocessor policy with privacy counsel ahead of public launch. For specifics today, use the contact link in the footer.