SUPPRESSED uses selected service providers to deliver, secure, operate, and support the platform.
In this page, "we," "us," and "our" mean SUPPRESSED PTE. LTD.
This page identifies service providers that may process customer data, personal data, account data, operational data, or service metadata for us.
The providers listed here do not necessarily receive every type of data. Processing depends on the specific service, feature, workflow, customer interaction, and operational requirement involved.
Core providers
| Provider | Legal entity | Nature of processing | Region / jurisdiction |
|---|---|---|---|
| Cloudflare | Cloudflare, Inc. | DNS, web application firewall, bot protection, edge routing, security filtering, and network-layer protection | United States / global edge network |
| Cloudflare R2 | Cloudflare, Inc. | Object storage, archive storage, uploaded files, suppression evidence, validation artifacts, and operational records | United States / configured storage region |
| Vercel | Vercel Inc. | Web hosting, deployment infrastructure, preview deployments, production deployments, and application delivery | United States |
| Supabase | Supabase, Inc. | Database, authentication, session management, file storage, backend functions, scheduled jobs, and application infrastructure | United States / configured project region |
| Stripe | Stripe, Inc. | Subscription billing, payment processing, invoices, tax records, payment records, and billing customer records | United States / applicable Stripe entity |
| Resend | Resend, Inc. | Transactional email delivery and service notifications | United States |
| OpenAI | OpenAI, L.L.C. | AI-assisted workflows, classification, automation, triage, and suppression logic | United States |
| Better Stack | Better Stack, Inc. | Public status page, uptime monitoring, incident detection, and incident communication | United States |
Additional operational providers
The following providers support business, development, finance, communications, and operational workflows. They may process limited personal data, business records, source-control data, or operational metadata depending on the relevant workflow, but they are not part of the primary customer application data path unless stated.
| Provider | Legal entity | Purpose | Region / jurisdiction |
|---|---|---|---|
| GitLab | GitLab Inc. | Primary controlled source control and development workflow | United States |
| GitHub | GitHub, Inc. | Source control mirror, repository hosting, integration support, and public content repository | United States |
| Proton | Proton AG | Business email and internal communications | Switzerland |
| Airwallex | Applicable Airwallex contracting entity | Financial operations, foreign exchange, accounts, and business banking operations | Singapore / applicable Airwallex entity |
Processing roles
| Category | Purpose |
|---|---|
| Infrastructure | Hosting, DNS, routing, perimeter security, application delivery, and platform availability |
| Data systems | Database, authentication, sessions, storage, permissions, and operational records |
| Payments | Subscription billing, invoices, payment processing, tax records, and finance operations |
| Transactional service emails, account messages, and operational communications | |
| Automation | Classification, triage, workflow automation, and suppression support |
| Monitoring | Uptime checks, incident detection, public status updates, and service communications |
| Development operations | Source control, deployment support, preview workflows, and public content management |
Data categories
Depending on the provider and service function, the following categories of data may be processed:
- account information;
- contact information;
- authentication and session data;
- billing and payment records;
- service configuration data;
- customer support and operational communications;
- uploaded files or application records;
- service metadata, logs, and diagnostics;
- suppression workflow data;
- public content and documentation files.
Processing boundaries
A provider's inclusion on this page does not mean that the provider receives all customer data or all personal data we process.
Access and processing are limited by the provider's role, the applicable system design, contractual arrangements, technical configuration, and operational need.
Where possible, we separate customer application workflows, billing workflows, authentication, storage, public content, monitoring, and internal operations across defined systems.
Changes to sub-processors
We may update this page when a service provider is added, removed, replaced, or materially changed.
Changes may include updates to provider names, legal entities, processing purposes, regions, service roles, or operational status.
Related pages
- Technology
- Security
- Privacy
- Service level agreement
- Changelog