Trust
Sub-processors
15 vendors that may process Cavaridge customer data. Exhaustive list, kept honest.
Operator + counsel review pending. 15 of 15 rows are flagged `legal_review_required: true` in `docs/legal/subprocessors.yaml`. Operator + counsel walk the file, attach evidence URLs, then flip the flag row by row. Until a row is reviewed, do not rely on its contractual basis claim without independent verification.

Last reconciled against the codebase: 2026-05-05. Material changes are notified to BAA-covered tenants at least 30 days in advance per the BAA template.

| Vendor | Purpose | Data class | PII / PHI | Region | Basis | Evidence | Review |
|---|---|---|---|---|---|---|---|
| Railway Corp.: Railway | Application hosting, container orchestration, managed Redis, build runners | Content | PII, PHI | us-west2 (Oregon) | DPA + BAA | PENDING | pending |
| Supabase Inc.: Supabase Postgres + Auth helpers + pgvector | Primary application database (cavaridge-platform-prod), row-level security enforcement, vector storage | Content | PII, PHI | us-west-2 (Oregon) | DPA + BAA | PENDING | pending |
| Clerk, Inc.: Clerk authentication + session management | User identity, session tokens, organization membership | Identity | PII | United States | DPA | PENDING | pending |
| Stripe, Inc.: Stripe + Stripe Connect Express | Payment processing, billing, partner payouts (PROD-08) | Billing | PII | United States | DPA | PENDING | pending |
| Cloudflare, Inc.: Cloudflare DNS + CDN + DDoS | DNS resolution, edge caching, TLS termination, DDoS mitigation | Telemetry | PII | Global edge | DPA | PENDING | pending |
| Doppler, Inc.: Doppler secrets management | Secrets distribution to Railway services and GitHub Actions | Secrets | — | United States | DPA | PENDING | pending |
| OpenRouter, Inc.: OpenRouter LLM gateway | Routing layer between Spaniel and underlying model providers | Content | PII, PHI | United States | DPA + BAA | PENDING | pending |
| Anthropic, PBC: Claude API (via OpenRouter; direct via @anthropic-ai/sdk in select packages) | LLM inference (default model family for most agent workflows) | Content | PII, PHI | United States | BAA | PENDING | pending |
| OpenAI, L.L.C.: OpenAI API (via OpenRouter; direct via openai SDK in select packages) | LLM inference (alternative model family) | Content | PII, PHI | United States | BAA | PENDING | pending |
| Google LLC: Gemini API (via OpenRouter) | LLM inference (alternative model family) | Content | PII, PHI | United States | BAA | PENDING | pending |
| Functional Software, Inc. (Sentry): Sentry error monitoring | Application error capture, stack trace aggregation | Telemetry | PII | United States | DPA | PENDING | pending |
| Finto Technologies GmbH (Langfuse): Langfuse LLM observability | Prompt + response tracing, evaluation, latency tracking | Content | PII, PHI | EU (with US deployment option) | DPA + BAA | PENDING | pending |
| Resend.com, Inc.: Resend transactional email | Transactional email delivery (Cavaridge Herald) | Identity | PII | United States | DPA | PENDING | pending |
| GitHub, Inc.: GitHub source control + Actions | Source control, CI/CD | — | — | United States | DPA | PENDING | pending |
| Pax8, Inc.: Pax8 Marketplace (PROD-08) | Reseller marketplace listing distribution | Billing | PII | United States | DPA | PENDING | pending |

Evaluated, not engaged
- HackerOne / Bugcrowd: VDP runs in-house at PROD-09 launch. May add a managed bug bounty later (operator decision).
- PagerDuty / Opsgenie: On-call paging is operator-side at PROD-09 launch (single-operator rotation).
- Segment / PostHog / Mixpanel / Amplitude: Cavaridge does not run third-party analytics. Pulse is the in-house telemetry layer.
See also: /security · /legal/privacy · BAA request.