Subprocessors
AEGIS by Hu engages the third parties listed below to deliver the platform. Each receives only the personal data described, under a signed Data Processing Agreement. Customers receive at least 30 days’ advance notice of any addition or replacement and may object on data-protection grounds, per clause 6.2 of the customer DPA.
Active subprocessors
| Vendor | Purpose | Personal data | Region | Certifications | DPA |
|---|---|---|---|---|---|
| Supabase | Primary database; row-level data store | All customer-uploaded personal data | EU_WEST (Frankfurt) | SOC 2 Type II | DPA |
| Clerk | Authentication (SSO, MFA, session management) | End-user emails, names, IPs, device metadata | US (free tier today; migrating to EU residency on Enterprise tier before first EU regulated customer go-live) | SOC 2 Type II | DPA |
| Vercel (planned) | Application hosting (Next.js front-end + edge middleware) | All request-level data in transit; no persistent storage | Edge global, primary functions in fra1 (EU) by go-live | SOC 2 Type II, ISO 27001 | DPA |
| Sentry | Error / exception monitoring | Stack traces, user IDs in error context (PII scrubbed via beforeSend hook) | EU | SOC 2 Type II, ISO 27001 | DPA |
| Better Stack | Logs + uptime monitoring + status page | Application log lines; may contain user IDs and tenant IDs | EU | SOC 2 Type II | DPA |
| GitHub (Actions, repository) | Source control + CI/CD | None expected — the repository holds no production data; CI processes test data only | US | SOC 2 Type II, ISO 27001 | DPA |
| Anthropic | AI / LLM-backed features (analysis, narrative generation) | Whatever the customer submits to an AI route — may include personal data depending on use case; transmitted under DPA terms with no training-data retention | US | SOC 2 Type II, ISO 27001 | DPA |
| Resend (planned) | Transactional email | Recipient email + message body | EU | SOC 2 Type II | DPA |
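The Sentry row says PII is scrubbed in a `beforeSend` hook. Below is an added, self-contained example of such a hook, written for this page rather than taken from the AEGIS codebase. It follows the shape of the event object the Sentry JS SDK passes to `beforeSend` (`user`, `request`, `exception.values`, `breadcrumbs`, `extra`, `message`); the regexes, the sensitive-header list, and the constructed sample event are assumptions and should be tuned to the deployment. It keeps an opaque `user.id` for correlation and drops everything else about the user, which is exactly what the table row claims ("user IDs in error context").

```javascript
// Added example (not the project's own code): a Sentry `beforeSend` hook that
// scrubs direct identifiers before an event leaves the process. Event shape
// follows the Sentry JS SDK Event object; patterns below are assumptions.

const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;
// Also matches dotted version strings such as 1.2.3.4; over-scrubbing is the safe side.
const IPV4_RE = /\b(?:\d{1,3}\.){3}\d{1,3}\b/g;
const SENSITIVE_HEADERS = new Set(["authorization", "cookie", "set-cookie", "x-api-key"]);

function scrubString(s) {
  return s.replace(EMAIL_RE, "[email]").replace(IPV4_RE, "[ip]");
}

// Walk any JSON-like value and scrub every string leaf (extra, breadcrumb data, ...).
function scrubValue(v) {
  if (typeof v === "string") return scrubString(v);
  if (Array.isArray(v)) return v.map(scrubValue);
  if (v && typeof v === "object") {
    const out = {};
    for (const [k, val] of Object.entries(v)) out[k] = scrubValue(val);
    return out;
  }
  return v;
}

// Credential-bearing headers are redacted wholesale; the rest are pattern-scrubbed.
function scrubHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name] = SENSITIVE_HEADERS.has(name.toLowerCase()) ? "[redacted]" : scrubValue(value);
  }
  return out;
}

function beforeSend(event, _hint) {
  // Work on a copy: the SDK may still hold the original object. Sentry events
  // are JSON-serialisable, so a JSON round-trip is a sufficient deep copy here.
  const ev = JSON.parse(JSON.stringify(event));

  if (ev.user) {
    // Keep only an opaque id for correlation; drop email, username, ip_address, etc.
    ev.user = ev.user.id !== undefined ? { id: String(ev.user.id) } : {};
  }
  if (ev.request) {
    delete ev.request.cookies;
    delete ev.request.data; // request bodies are not needed for triage
    if (ev.request.url) ev.request.url = ev.request.url.split("?")[0]; // query strings can carry tokens
    if (ev.request.headers) ev.request.headers = scrubHeaders(ev.request.headers);
  }
  if (ev.exception && Array.isArray(ev.exception.values)) {
    for (const ex of ev.exception.values) {
      if (typeof ex.value === "string") ex.value = scrubString(ex.value);
    }
  }
  if (typeof ev.message === "string") ev.message = scrubString(ev.message);
  if (Array.isArray(ev.breadcrumbs)) ev.breadcrumbs = ev.breadcrumbs.map(scrubValue);
  if (ev.extra) ev.extra = scrubValue(ev.extra);
  return ev;
}

// Constructed sample event (not real telemetry) covering the places PII tends to land.
const sampleEvent = {
  message: "Failed to notify alice@example.org from 203.0.113.7",
  user: { id: "u_123", email: "alice@example.org", username: "alice", ip_address: "203.0.113.7" },
  request: {
    url: "https://app.example.test/api/report?token=abc",
    headers: { Authorization: "Bearer s3cr3t", "User-Agent": "Mozilla/5.0", Cookie: "session=xyz" },
    cookies: { session: "xyz" },
    data: { email: "alice@example.org" },
  },
  exception: { values: [{ type: "Error", value: "lookup for bob@example.org failed" }] },
  breadcrumbs: [{ category: "http", message: "GET /u/carol@example.org", data: { url: "https://x/?email=carol@example.org" } }],
  extra: { note: "client 198.51.100.9", nested: { email: "dave@example.org" } },
};

// Runs the hook over the sample so the effect can be inspected stand-alone.
function demo() {
  return beforeSend(sampleEvent, {});
}
```

Register it with `Sentry.init({ dsn, beforeSend, sendDefaultPii: false })`; leaving `sendDefaultPii` at its default of `false` is what keeps the SDK from attaching IPs and cookies in the first place, and the hook is the second line of defence for whatever application code puts into messages, breadcrumbs and `extra`. A check worth keeping in CI is to run a representative event through the hook, as `demo()` does, and assert that no email or IP survives.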
Per-vendor notes
- Supabase
- Stage 2 of the multi-region rollout will add UK / DIFC / SG / HK regional projects (see docs/DATA_RESIDENCY.md).
- Point-in-time recovery for 7 days on the current plan; longer retention on paid tier when needed.
- Onward subprocessor: AWS (their host) — see Supabase's own subprocessor list.
- Clerk
- Free-tier residency caveat: Clerk free tier stores user data in the US. We will migrate to Clerk's Enterprise plan with EU data residency before any UK / EU regulated customer goes live with real data.
- MFA: TOTP and passkey support enabled.
- Vercel
- Deploy target not yet finalised in production; Cloudflare Pages is the alternative. Whichever is chosen, the DPA + region pinning are in place before the first deploy with real data.
- Anthropic
- Training-data retention: disabled by default for paid API customers under Anthropic's commercial terms. We do not opt in.
- Routes that send data to Anthropic: any /api/* route that calls into apps/web/src/lib/aiComplianceEngine.ts. The customer DPA flags this as a sub-processing relationship; the UI labels AI-backed actions explicitly.
Non-personal-data vendors
Vendors used in adjacent contexts (marketing site, billing) that don’t process customer platform data (the personal data customers upload to AEGIS) and therefore aren’t subprocessors in the GDPR sense. Listed here for transparency only.
| Vendor | Purpose | What we send |
|---|---|---|
| Cloudflare | DNS / DDoS protection on the marketing domain | DNS queries only |
| Stripe (planned) | Billing | Customer billing contact + payment data only — separate from platform data; their own DPA applies |
Sub-subprocessors
We do not maintain a public list of our subprocessors’ own subprocessors. Customers can request these from each vendor’s public subprocessor page (linked above) or ask us via the DPO email.
Last reviewed: 2026-06-25 (page renders the live data from @/lib/subprocessors).