Subprocessors
Last updated: February 12, 2026
PrivaBase uses the following third-party service providers (subprocessors) to deliver our platform. Each subprocessor has been vetted for security and compliance. Under GDPR Article 28, we maintain Data Processing Agreements (DPAs) with all subprocessors that handle personal data.
Vercel Inc.
United StatesApplication hosting, CDN, and serverless compute
Application requests, static assets, serverless function execution
SOC 2 Type II, GDPR DPA
Supabase Inc.
United States (US-East)Database hosting, authentication infrastructure
Account data, compliance records, application data
SOC 2 Type II, HIPAA
Stripe Inc.
United StatesPayment processing and billing
Billing information, payment methods, subscription data
PCI DSS Level 1, SOC 2 Type II
Resend Inc.
United StatesTransactional email delivery
Email addresses, email content (verification, password reset, issue reports)
SOC 2 Type II
Kit (ConvertKit) Inc.
United StatesEmail marketing and subscriber management
Email addresses, signup tags, sequence engagement data
GDPR DPA available
Google LLC
United StatesWebsite analytics (Google Analytics 4)
Anonymized IP, page views, session data (only with user consent)
ISO 27001, SOC 2, GDPR DPA
Namecheap Inc.
United StatesDomain registration and DNS management
DNS records only — no customer data processed
ICANN accredited
Change Notifications
We will notify customers at least 30 days before adding a new subprocessor or making material changes to existing subprocessor relationships. Enterprise customers on the Business plan and above receive email notifications of any subprocessor changes.
If you object to a new subprocessor, contact us at privacy@privabase.com within 30 days of notification.