Sub-Processors
Third-party services that process personal data on our behalf. All sub-processors are bound by data processing agreements.
Last updated: February 19, 2026
9 Processors
Carefully vetted third-party services
DPA Required
All processors have signed DPAs
Regular Review
Quarterly security assessments
Change Notices
30-day advance notice of changes
| Provider | Purpose | Data Location |
|---|---|---|
| Neon | Database hosting (PostgreSQL) | EU (Frankfurt) |
| Vercel | Application hosting and CDN | Global (Edge), US primary |
| Clerk | Authentication and user management | US |
| Stripe | Payment processing | US, EU |
| PayPal | Payment processing | US, EU |
| Resend | Transactional email delivery | US |
| Sentry | Error monitoring and performance | US |
| PostHog | Product analytics | EU (Frankfurt) |
| Cloudflare | CDN, DDoS protection, DNS | Global (Edge) |
Change Notification Process
Advance Notice
We provide at least 30 days' advance notice before adding or replacing a sub-processor. Notifications are sent to the email address associated with your account and published on this page.
Right to Object
If you have reasonable data protection concerns about a new sub-processor, you may object by contacting dpo@apidly.com within the 30-day notice period. We will work in good faith to address your concerns or provide an alternative.
Contact our DPO for questions about our sub-processors or to subscribe to change notifications.
DPO: dpo@apidly.com