Our subprocessors
Every third-party service that may process your personal data on our behalf. We give 14 days' advance notice before adding a new subprocessor.
Last updated May 11, 2026. To object to a new subprocessor, email [email protected] within the notice period.
Core infrastructure
Supabase
Privacy policyPurpose
Database, authentication, file storage
Data
Account profile, encrypted credentials, user-generated content
Location
US (EU regions available)
Vercel
Privacy policyPurpose
Application hosting, edge functions, request logs
Data
HTTP request metadata, edge cache
Location
Global edge
Cloudflare
Privacy policyPurpose
CDN, DNS, DDoS protection
Data
Request metadata, IP addresses
Location
Global
AI / content generation
OpenAI
Privacy policyPurpose
Article generation, SEO scoring, image generation
Data
Prompts (your inputs), generated text
Location
United States
Anthropic
Privacy policyPurpose
Article generation (alternative model)
Data
Same when this model is selected
Location
United States
Google AI
Privacy policyPurpose
Gemini model for article generation (when selected)
Data
Same when this model is selected
Location
United States
Pexels
Privacy policyPurpose
Royalty-free image search
Data
Search keywords (not user PII)
Location
United States
Billing & payments
Stripe
Privacy policyPurpose
Subscription billing, card processing
Data
Name, email, billing address, last-4 of card (full card never touches our servers)
Location
United States, Ireland
Email & notifications
Resend
Privacy policyPurpose
Transactional email (welcome, billing, alerts, digests)
Data
Recipient email, message body
Location
United States
Zoho
Privacy policyPurpose
Legacy SMTP email (being phased out)
Data
Recipient email, message body
Location
United States, India
Analytics & monitoring
PostHog
Privacy policyPurpose
Product analytics (page views, feature usage)
Data
Pseudonymous user ID, session events, truncated IP
Location
US / EU options
Sentry
Privacy policyPurpose
Error monitoring
Data
Stack traces, request URLs, browser metadata
Location
US / EU options
Your publishing destinations (only when you connect them)
Your WordPress / Ghost / Shopify / HubSpot / Notion / Airtable / Google
Privacy policyPurpose
Publishing generated articles to your CMS
Data
Encrypted API tokens you provided, generated post content
Location
Wherever you host the destination
Data Processing Agreements
We have signed Data Processing Agreements with our subprocessors where required. If your organization requires a DPA with AutoPublish for GDPR Article 28 compliance, email [email protected] and we'll execute one within 5 business days.