Subprocessor Registry - Simply Asking

Change Notifications

We provide 30 days advance notice before adding or changing subprocessors. You have 14 days to object to any changes.

Subscribe to updates: Email legal@simplyasking.io with subject "Subscribe to Subprocessor Updates"

Overview

This page lists all subprocessors that Simply Asking uses to provide our services. A subprocessor is a third-party service provider that processes personal data on our behalf. All subprocessors must meet our security and privacy standards, including SOC 2 certification and data protection agreements.

Current Subprocessors

Infrastructure & Hosting

Subprocessor	Purpose	Location	Certifications
Supabase	Database hosting, authentication, storage	United States	SOC 2 Type II
Vercel	Frontend hosting, API routes, CDN, DDoS protection, DNS	Global (Edge network)	SOC 2 Type II
Railway	Background worker hosting	United States	SOC 2 Type II
Upstash	Distributed rate limiting and caching	United States	SOC 2 Type II

AI & Machine Learning

Subprocessor	Purpose	Location	Certifications
OpenAI	Language models, embeddings	United States	SOC 2 Type II, ISO 27001
Google (Gemini API)	Entity extraction, chat fallback, embeddings fallback	United States	SOC 2, ISO 27001
Anthropic	Alternative language models	United States	SOC 2 Type II
LlamaParse	Document parsing and extraction (PDF, DOCX, PPTX)	United States	SOC 2 Type II

Payment Processing

Subprocessor	Purpose	Location	Certifications
Stripe	Payment processing, subscriptions	United States, EU	PCI DSS Level 1, SOC 2 Type II

Monitoring & Communication

Subprocessor	Purpose	Location	Certifications
Resend	Transactional emails	United States	SOC 2 Type II

Optional Integrations

These subprocessors are only used if you enable the corresponding integration:

Integration	Purpose	Location
Google Drive	Document sync	United States
Notion	Page sync	United States
Dropbox	File sync	United States
Slack	Notifications	United States
Trello	Card sync	United States (Atlassian)
HubSpot	CRM sync	United States

Security Requirements

All subprocessors must meet the following minimum requirements:

Certifications

SOC 2 Type II or equivalent
Regular third-party security audits

Technical Controls

Encryption in transit (TLS 1.2+)
Encryption at rest (AES-256)

Regional Data Processing

Data Location: All data is currently processed and stored in the United States. For questions about international data transfers, we maintain Standard Contractual Clauses (SCCs) with applicable subprocessors.

Contact legal@simplyasking.io for questions about international data handling.

Vendor Security Certifications

Our subprocessors maintain industry-standard security certifications. Customers can request copies of relevant certifications by contacting security@simplyasking.io.

Vendor	SOC 2 Type II	ISO 27001	GDPR Ready	Trust Center
Supabase	Yes	Yes	Yes	View
Vercel	Yes	Yes	Yes	View
Railway	Yes	In Progress	Yes	View
Stripe	Yes	Yes	Yes	View
OpenAI	Yes	Yes	Yes	View
Anthropic	Yes	Yes	Yes	View
Google Cloud	Yes	Yes	Yes	View
LlamaParse	Yes	In Progress	Yes	View

Certification status is verified annually. Contact security@simplyasking.io to request copies of vendor certifications for your compliance records.

Questions About Subprocessors?

Reach out for subprocessor change subscriptions, DPA requests, or international data handling questions.

Subprocessor Questions Request DPA