Subprocessors
Last updated: February 23, 2026
Inbox Insignia uses the following third-party service providers (subprocessors) to help deliver our services. Each subprocessor processes personal data only as necessary for their stated purpose and under contractual obligations consistent with applicable data protection laws.
| Subprocessor | Purpose | Data Processed | Location |
|---|---|---|---|
| Supabase, Inc. | Database hosting, authentication, file storage | User accounts, workspace data, domain records, DMARC reports, audit logs | United States |
| Stripe, Inc. | Payment processing, subscription management | Email address, billing information, subscription data | United States |
| Vercel, Inc. | Application hosting, edge network, serverless functions, analytics | Request metadata, anonymized usage analytics | United States (global edge network) |
| Resend, Inc. | Transactional email delivery | Recipient email addresses, email content | United States |
Changes to Subprocessors
We will provide at least 30 days advance notice before adding a new subprocessor or materially changing how an existing subprocessor processes personal data. Notification will be sent via email to the primary contact of each workspace with an active DPA. If you object to a new subprocessor, you may terminate your subscription before the change takes effect.
Subprocessor Security
Each subprocessor has been vetted and maintains appropriate security certifications:
- Supabase: SOC 2 Type 2
- Stripe: PCI DSS Level 1, SOC 2 Type 2
- Vercel: SOC 2 Type 2, ISO 27001
- Resend: SOC 2 Type 2
Contact
For questions about our subprocessors, contact privacy@inboxinsignia.com. For DPA inquiries, see /dpa.