SUBPROCESSORS
Who processes your data, and why.
Stackr operates from Almaty, Republic of Kazakhstan and uses the third parties below to run the service. Most subprocessors are US-based, so customer data flows customer → Stackr (KZ) → US subprocessors. We update this page at least 30 days before adding any new subprocessor that will handle customer data. To get notified of changes, email privacy@stackr.work.
Supabase
AWS US EastPurpose: Primary database, authentication, file storage, Vault for OAuth tokens
Data: All customer data: user records, events, briefs, integration credentials (encrypted in Vault)
Provider DPA →Netlify
Global edge / origin USPurpose: Web hosting, edge functions, DNS
Data: HTTP request/response metadata, IP addresses (access logs)
Provider DPA →Anthropic (Claude)
United StatesPurpose: AI model that generates briefs and answers Ask Stackr
Data: Scrubbed event summaries + metadata (bodies, emails, URLs removed before send). No raw teammate messages.
Provider DPA →Inngest
United StatesPurpose: Background job orchestration (brief generation cron, webhook handlers)
Data: Job payloads (event IDs, brief IDs). No customer content.
Provider DPA →Resend
United StatesPurpose: Transactional email delivery (brief delivery, magic links)
Data: Email addresses, message subject, message body (which contains brief summaries)
Provider DPA →INTEGRATIONS (customer-authorized)
These tools are not subprocessors of Stackr. They are systems the customer authorizes Stackr to read from via OAuth or tokens. Stackr never writes to them.
StripeGitHubLinearSentryVercelClickUpSlackTelegramHubSpotCrispNotionGoogle Calendar
Last updated: 2026-07-10. Questions: privacy@stackr.work.