Subprocessors
We list every third party that touches your data. We notify customers at least 30 days before adding a new one.
| Provider | Purpose | Region | Certifications |
|---|---|---|---|
| Supabase (managed Postgres + auth) | Primary database, authentication, storage | US (us-east-1) | SOC 2 Type II, HIPAA BAA |
| Cloudflare | DNS, CDN, DDoS protection | Global edge | SOC 2 Type II, ISO 27001 |
| Google AI / OpenAI (via Lovable AI Gateway) | LLM-powered drafting of SSP and POA&M language. No customer evidence is sent without explicit user action. | US | SOC 2 Type II |
| Email delivery provider | Transactional email (account, password reset, share-link notifications) | US | SOC 2 Type II |
Last updated: May 1, 2026. To subscribe to subprocessor change notices, email trust@veesafetechnology.com.