Subprocessors
SpendReady (Fix Your Cloud LLC) uses the following third-party subprocessors to provide the service. All subprocessors are bound by data processing agreements that provide at least equivalent data protection to SpendReady's own commitments.
Last updated: May 25, 2026. We will notify customers with active subscriptions at least 30 days before adding or replacing a subprocessor.
| Subprocessor | Country | Purpose |
|---|---|---|
| Supabase | United States | Database, authentication, and row-level secure data storage |
| Vercel | United States / Global edge | Application hosting (US compute) and global edge delivery (CDN). Salesforce org data is processed only in US compute regions; edge CDN serves static assets only. |
| Resend | United States | Transactional email delivery (reports, notifications, account emails) |
| Stripe | United States / EU | Payment processing and subscription billing. Stripe operates US and EU processing regions; data residency follows Stripe's customer-segment routing. |
| PostHog | United States | Product analytics and session insight (anonymized event data only) |
| Sentry | United States | Error monitoring and performance tracking |
| Salesforce | Customer's Salesforce region | Source data provider — read-only OAuth API access to customer-authorized org data. Data residency is controlled by the customer's Salesforce instance region (US, EU, AU, etc.). |
| Google Analytics 4 | United States | Anonymous funnel analytics (page views, signup/connect/audit conversion events). No Salesforce data, no user email — Supabase UUID only. IP anonymization enabled. |
| Google Ads (Conversion Tracking) | United States | Conversion tracking for paid-search campaigns. Pings the conversion endpoint on signup, connect, audit-complete, and paywall events. No Salesforce data or PII transmitted. |
| LinkedIn (Insight Tag) | United States | Conversion tracking for paid-social (LinkedIn) campaigns. Fires the standard LinkedIn track action for the same 4 conversion events. No custom properties, no Salesforce data. |
| Meta (Facebook Pixel) | United States | Conversion tracking and retargeting for Meta campaigns (sprint 2). Fires standard Meta events (CompleteRegistration, Subscribe, Lead, InitiateCheckout). No Salesforce data, no custom audiences from customer data. |
| Railway | United States | Worker hosting (scheduled audit execution). Worker has static egress IP 162.220.234.15. Salesforce token data is held only in-memory during audit runs and never persisted on Railway. |
Data transfer safeguards
Most subprocessors are located in the United States. Stripe operates both US and EU processing regions per customer-segment routing. Vercel serves edge CDN globally while compute remains in US regions. Salesforce data residency is controlled by the customer's Salesforce instance region. SpendReady relies on Standard Contractual Clauses (SCCs) and the EU-U.S. Data Privacy Framework where applicable for international transfers from EEA/UK customers.
Questions about subprocessors or data transfers? Email privacy@getspendready.com.