Sub-Processors

Last updated: February 11, 2026

AmbientMeta uses the following third-party sub-processors to deliver the Privacy Gateway service. Each sub-processor is bound by data protection obligations consistent with our Data Processing Agreement and applicable data protection laws.

Current Sub-Processors

Sub-Processor Location Purpose Data Processed
Fly.io, Inc. United States Application hosting Customer Data (transient processing only), Account Data
Upstash, Inc. United States Session cache (Redis, 24-hour TTL) Session data (PII-to-placeholder mappings), rate limit counters
Supabase, Inc. United States Database (PostgreSQL) Account Data, detection metadata (anonymized), request logs
Stripe, Inc. United States Payment processing Billing data, payment information
Resend, Inc. United States Transactional email Email addresses (for verification and password reset emails)

Self-Hosted Deployments

For self-hosted customers, Customer Data is processed entirely on your own infrastructure. The sub-processors listed above apply only to Account Data (authentication, billing) and not to the text content you process through the Privacy Gateway. The detection engine, session cache, and database all run within your environment.

Change Notification

We will notify customers of changes to our sub-processor list at least 30 days before any new sub-processor begins processing Customer Data. Notifications are sent via:

If you object to a new sub-processor, you may notify us in writing within 14 days of receiving notice. See Section 4 of our Data Processing Agreement for the objection procedure.

Change Log

Date Change
February 11, 2026 Initial sub-processor list published

Contact

For questions about our sub-processors or to subscribe to change notifications: