SUBPROCESSORS

Who processes your data, and why.

Stackr operates from Almaty, Republic of Kazakhstan and uses the third parties below to run the service. Most subprocessors are US-based, so customer data flows customer → Stackr (KZ) → US subprocessors. We update this page at least 30 days before adding any new subprocessor that will handle customer data. To get notified of changes, email privacy@stackr.work.

Supabase

AWS US East
Purpose: Primary database, authentication, file storage, Vault for OAuth tokens
Data: All customer data: user records, events, briefs, integration credentials (encrypted in Vault)
Provider DPA →

Netlify

Global edge / origin US
Purpose: Web hosting, edge functions, DNS
Data: HTTP request/response metadata, IP addresses (access logs)
Provider DPA →

Anthropic (Claude)

United States
Purpose: AI model that generates briefs and answers Ask Stackr
Data: Scrubbed event summaries + metadata (bodies, emails, URLs removed before send). No raw teammate messages.
Provider DPA →

Inngest

United States
Purpose: Background job orchestration (brief generation cron, webhook handlers)
Data: Job payloads (event IDs, brief IDs). No customer content.
Provider DPA →

Resend

United States
Purpose: Transactional email delivery (brief delivery, magic links)
Data: Email addresses, message subject, message body (which contains brief summaries)
Provider DPA →
INTEGRATIONS (customer-authorized)

These tools are not subprocessors of Stackr. They are systems the customer authorizes Stackr to read from via OAuth or tokens. Stackr never writes to them.

StripeGitHubLinearSentryVercelClickUpSlackTelegramHubSpotCrispNotionGoogle Calendar
Last updated: 2026-07-10. Questions: privacy@stackr.work.
Subprocessors | Stackr