Sub-processors

Third parties that process customer data on our behalf. We notify customers 30 days before adding a new one (see Privacy §5). Subscribe to changes at subprocessors-subscribe@server2agent.com.

Last updated: April 22, 2026 · Release: us-atlanta-v1

Vendor	Purpose	Data category	Region	Attestation
Anthropic, PBC	LLM (Triage · Investigator · Reporter)	masked incident text	US	Type II
Vercel, Inc.	admin-ui · status-site · landing hosting	session, app logs	US	Type II
Fly.io	orchestrator · caddy · step-ca compute	operational data	US (atl/iad)	Type II
Neon, Inc.	Postgres (incidents, audit, billing)	all structured data	AWS us-east-1	Type II
Upstash, Inc.	Redis (short-TTL streams, JTI)	ephemeral queue/cache	AWS us-east-1	Type II
Cloudflare, Inc.	DNS · CDN · WAF · R2 object storage	TLS termination, release artifacts	Global (edge)	Type II
Clerk, Inc.	Authentication (Passkey, SMS OTP, Organizations)	admin identity	US	Type II
Twilio, Inc.	SMS notifications	recipient phone numbers	US	Type II
Resend	Transactional email	recipient emails, subject lines	US	Type II
Stripe, Inc.	Billing, invoicing, US sales tax	billing contact, payment tokens	US	PCI DSS + SOC 1/2
Sentry (Functional Software)	Error tracking	stack traces, redacted	US	Type II
Grafana Labs	OpenTelemetry / metrics	operational telemetry	US (us-east)	Type II
GitHub, Inc.	Source code, CI/CD, artifact registry	no customer data	US	Type II
Microsoft (Azure Trusted Signing)	Code signing for agent binary	binary hashes	US	Microsoft attestation

Regions

All primary data stays in the United States for the us-atlanta-v1 release. No data is intentionally replicated to the EU or APAC. Customer data is not sent to Anthropic in raw form — only masked, summarized incident text required for investigation.

Archived versions

Previous lists are retained under /subprocessors/archive/<date>.md in our internal compliance repo (shared under NDA on request).