Third-party sub-processors
Every third party DCS AI Technologies engages to deliver our services, what data they touch, where they operate, and the current status of their Data Processing Agreement (DPA) with us. We update this list at least 30 days before adding any new sub-processor.
Infrastructure sub-processors
These vendors host the production stack. Every one operates under an executed DPA with DCS AI Technologies L.L.C.
| Vendor | Service | Data touched | Region | DPA |
|---|---|---|---|---|
| Cloudflare, Inc. | CDN, DNS, Pages hosting, Email Routing, DDoS protection | HTTP request metadata, email subject/recipient metadata (no email body) | Global (multi-region edge) | Executed |
| Render Services, Inc. | Backend application hosting | All API request bodies, application logs, database (via Supabase) | us-east-1 (Oregon), eu-west-1 (Frankfurt) | Executed |
| Supabase Inc. | Managed PostgreSQL with pgvector | Memory writes, R+2 receipts, agent metadata, customer accounts | us-east-1, eu-west-1 (customer-selectable) | Executed |
| OpenAI, L.L.C. | Embedding generation (text-embedding-3-large) | Memory write content (sent for vectorization; not retained per OpenAI API DPA) | us-east-1 (OpenAI-controlled) | Executed (OpenAI API DPA) |
| Resend Inc. | Outbound transactional email | Email body, recipient address, sending domain | Global | Executed |
Payment sub-processors
Used when customers pay for paid tiers or when the Agent Treasury settles transactions.
| Vendor | Service | Data touched | Region | DPA |
|---|---|---|---|---|
| Stripe, Inc. | Fiat billing (USD, EUR, INR, etc.) | Customer billing address, payment method (tokenized — DCS never sees card numbers) | Global | Executed |
| Coinbase, Inc. (Base mainnet) | On-chain settlement infrastructure (Base L2) | Wallet addresses, transaction amounts (public-blockchain by design) | Public blockchain (Base L2 sequencer in US) | N/A (public-blockchain operator) |
Operational sub-processors
Internal tools used by the DCS team. Access scoped to specific data categories.
| Vendor | Service | Data touched | Region | DPA |
|---|---|---|---|---|
| GitHub, Inc. | Source code hosting, CI/CD | Source code (no customer data; .gitignore filtering enforced) | Global | Executed (GitHub DPA) |
| Better Stack | Uptime monitoring, incident alerts | HTTP response codes, latency, uptime metrics (no payload content) | Global | Executed |
| Plausible Analytics | Privacy-respecting web analytics | Page view aggregates, referrer (no cookies, no PII, no cross-site tracking) | EU (Hetzner Falkenstein) | Executed |
| Google Workspace | Internal email (founder + business addresses) | Founder email correspondence, business inquiries | Global (customer email primarily us) | Executed (Google Workspace DPA) |
Status legend
N/A: Public-blockchain infrastructure operates by design without bilateral DPAs — data is inherently public.
What we do NOT use
Explicitly NOT used as sub-processors:
- Google Analytics, Google Ads, Google Tag Manager — no behavioral profiling.
- Meta Pixel, Facebook Conversions API — no advertising attribution.
- HubSpot, Salesforce, Marketo — no CRM-side data ingestion of customer behavior beyond what they explicitly submit.
- Mixpanel, Amplitude, Segment — no event-based behavioral analytics.
- Sentry, LogRocket, FullStory — no session replay or PII-touching error monitoring.
- AWS, Google Cloud Platform, Azure — we host on Cloudflare + Render + Supabase only.
New sub-processor notification policy
Before engaging a new sub-processor that will touch Customer Content, we will:
- Update this page with the new vendor at least 30 days in advance.
- Email all Enterprise tier customers individually with the change.
- Post an entry in the changelog.
- Allow Enterprise tier customers to terminate affected services for cause if they reasonably object.
Builder tier and Free tier customers: subscribe to our newsletter to receive notifications.
Sub-processor history
Material changes to this list will be logged here:
- 2026-05-21: Initial publication. Sub-processors as listed above.
Contact
Questions about a specific sub-processor: [email protected]
DPA requests for Enterprise tier: [email protected]
Data subject requests (GDPR / DPDP / CCPA): [email protected]