Sub-processors
Who we trust with your data.
A live list of every third-party service that processes customer data on behalf of Marketeer. We update this page when anything changes; existing customers are notified ≥ 30 days before a new sub-processor is added.
| Sub-processor | Purpose | Data class | Region | Compliance |
|---|---|---|---|---|
| Vercel | Hosting and CDN | App traffic, request metadata | US / EU multi-region | SOC 2 II, ISO 27001 |
| Supabase | Primary database (Postgres + pgvector) | Briefs, assets metadata, audit log | eu-west-1 (Ireland) | SOC 2 II, GDPR |
| Inngest | Durable workflow orchestration | Workflow events | us-east-1 | SOC 2 II |
| OpenAI | LLM, embeddings, transcription, images | Step-scoped customer content | US | SOC 2 II — no training on customer data |
| Anthropic | Long-context LLM (Claude) | Step-scoped customer content | US | SOC 2 II — no training on customer data |
| WorkOS | SSO (SAML), SCIM | Identity metadata | US / EU | SOC 2 II |
| Clerk | Auth (when SSO not in use) | Identity metadata | US / EU | SOC 2 II |
| Cloudflare | Edge protection, DNS, WAF | Network metadata | Global | SOC 2 II, ISO 27001 |
| PostHog | Product analytics + error monitoring | Event data + scrubbed error context | EU | GDPR-compliant deployment |
| Stripe | Billing and invoicing | Billing contact, invoices | US / EU | PCI-DSS L1 |
| Resend | Transactional email | Email metadata | US | SOC 2 II |
| Liveblocks | Real-time collaboration (presence) | Ephemeral session state | US / EU | SOC 2 II |
Change notification
Customers can subscribe to sub-processor updates by emailing security@marketeerlabs.com. Material changes (new vendor, new region, new data class) are notified at least 30 days in advance.
For DPAs, security questionnaires, or audit reports, see the security page or write to security@marketeerlabs.com.