Sub-processors
Last updated: 2026-05-28
OrderPier engages the third-party service providers below to deliver the service. Each is bound by a written data-processing agreement aligned to GDPR Article 28. We commit to 30 days' advance notice of any addition or material change.
To subscribe to change notices, email subprocessor-updates@orderpier.com.
| Provider | Purpose | Data | Region | DPA |
|---|---|---|---|---|
| Anthropic, PBC | LLM inference for PO extraction | Email body & attachments processed during extraction | United States | View |
| Postmark (ActiveCampaign) | Inbound email ingress | Email contents, sender metadata, raw MIME | United States | View |
| Vercel Inc. | Web app hosting (marketing site + dashboard) | Auth tokens, app traffic, edge cache | United States / Global edge | View |
| Fly.io | Backend / worker compute | Email payloads in transit, processed in-memory | United States (configurable) | View |
| Neon / RDS (managed Postgres) | Primary datastore | All customer data — extracted orders, audit log, attachments metadata | United States | View |
| Upstash | Managed Redis (job queue + rate limit) | Job payloads (transient, no PII at rest) | United States | View |
| Clerk Inc. | Authentication & organization management | User identity, session tokens, organization memberships | United States | View |
| Stripe Inc. | Billing & subscription management | Billing contact, payment method, invoice history | United States | View |
International transfers
For data subjects in the EU/EEA, UK, and Switzerland, transfers to US-based sub-processors are governed by the 2021 EU Standard Contractual Clauses (Module 2) plus the UK International Data Transfer Addendum, annexed to our DPA.