Subprocessors
Last Updated: February 11, 2026
PermitTracker uses the following third-party service providers ("Subprocessors") to help deliver the Service. Each Subprocessor processes data on our behalf in accordance with our agreements and applicable data protection requirements.
We review Subprocessors for security and privacy practices. We will update this page when we make material changes and notify Customer administrators of changes that materially impact the processing of Customer Content.
Current Subprocessors
| Subprocessor | Purpose | Data Processed | Location |
|---|---|---|---|
| Supabase | Database, authentication, file storage | Account data, application data, uploaded documents | United States |
| Vercel | Application hosting and content delivery | Usage data, IP addresses, request metadata | United States / Global CDN |
| Anthropic | AI document extraction (when AI features are used) | Document content submitted for AI scanning | United States |
| Resend | Transactional email delivery | Email addresses, notification content | United States |
| Stripe | Payment processing and billing | Billing contact info, payment data, transaction data | United States |
Subprocessor Security
The following Subprocessors have published security attestations or compliance reports:
| Provider | Compliance Statement |
|---|---|
| Supabase | Vendor states SOC 2 Type 2 compliance (details) |
| Vercel | Vendor states SOC 2 Type 2 attestation (details) |
| Stripe | Vendor states SOC 1 and SOC 2 Type II reports produced annually (details) |
| Anthropic | Vendor states SOC 2 Type 2 achieved (details) |
PermitTracker does not currently hold an independent SOC 2 certification. We rely on the security practices of our infrastructure providers and implement application-level security controls as described on our Security Practices page.
If you need specific vendor SOC 2 reports, they are typically available directly from the vendor under NDA or via their trust/security portal.
Changes to This List
If you have questions about our Subprocessors or need advance notice of changes, contact us at privacy@permittracker.app.