This page lists every third-party service that processes data on behalf of legaltoplain.com. Material changes — adding a new sub-processor with access to user data — are announced by email at least 30 days in advance, giving customers time to object before the change takes effect.
| Sub-processor | Purpose | Data accessed | Location | DPA |
|---|---|---|---|---|
| Anthropic | AI model that generates summaries, translations, red-flag analyses, and Q&A responses. | Document content (text or images), Q&A messages. Per Anthropic's policy, content sent via API is not retained beyond the call and not used for training. | USA | Auto-applied via Anthropic Commercial Terms. |
| Supabase | Postgres database, user authentication, private file storage. | Account data, document metadata, document files (until retention deletion), result data. | USA (primary region) | Supabase DPA. Pro plan with PITR backups. |
| Vercel | Application hosting, edge function runtime, log forwarding. | All HTTP requests, build logs, runtime logs. No persistent storage of user data. | USA / global edge | Vercel DPA. |
| Stripe | Payment processing. We never see your card data; Stripe handles it directly. | Email, billing address (when entered), Stripe customer ID, charge history. | USA (Ireland for EU customers via Stripe Payments Europe). | Stripe DPA. |
| Resend | Transactional email delivery (result links, refund confirmations, magic-link emails) and marketing emails (abandoned-cart, future newsletter). | Recipient email address, subject, body. Bounce/complaint events return to us via webhook. | USA | Resend DPA. |
| Sentry | Application error monitoring. | Error stack traces, request metadata, user ID (no document content). | USA | Sentry DPA. |
| PostHog | Product analytics: page views, feature usage, conversion events. | Anonymized event data + email if user is logged in. | USA Cloud (also EU available). | PostHog DPA. |
| Cloudflare | DNS, Turnstile bot protection. | IP address, request metadata. Briefly held to compute the verification challenge. | Global edge | Cloudflare DPA. |
| Upstash | Rate limiting (Redis storage of request counters). | IP address, hashed identifier, request count. Counters expire automatically. | USA | Upstash DPA. |
| BetterStack | Uptime monitoring (synthetic checks against /api/healthz) and log aggregation (forwarded from Vercel). | Synthetic check results, application logs (no document content). | USA / EU | BetterStack DPA. |
What is NOT a sub-processor
- GitHub: stores our source code. Does not process customer data.
- Inngest: workflow orchestration runs on Vercel infrastructure; Inngest Cloud only stores function metadata, not document content.
- Pushover: on-call alerts to operators only. Does not receive customer data.
Third-party JavaScript on the website
Our pages load only one external script: PostHog product analytics (opt-in via the cookie banner; disabled by default if your browser sends a GPC signal). No advertising trackers, no third-party fingerprinting.
How to object
If you object to a new sub-processor we add, you may terminate your account during the 30-day notice window. Email privacy@legaltoplain.com to record your objection.