Sub-Processors
Last updated: 2026-04-14
Support Stack Systems BBLLC uses the following sub-processors to deliver StackAudit. Each holds a current SOC 2 Type II, ISO 27001, PCI DSS, or equivalent attestation and is bound by a data processing addendum. This list is reviewed annually and on every new integration.

| Vendor | Purpose | Data categories | Location | Attestation |
|---|---|---|---|---|
| Auth0 (Okta, Inc.) | Identity and user management | Account identity, profile, audit inputs stored in user_metadata | USA | SOC 2 Type II, ISO 27001 |
| Supabase | Managed Postgres and storage | Integration records, encrypted credentials, detected charges, merchant corrections | USA (AWS us-east-1) | SOC 2 Type II |
| Vercel | Application hosting and edge network | Request logs, ephemeral runtime data | USA | SOC 2 Type II, ISO 27001 |
| Plaid | Financial account aggregation (only if you choose to connect) | Transaction metadata, masked account IDs, institution names | USA | SOC 2 Type II |
| Stripe | Payment processing | Billing info, payment method tokens, invoices | USA | PCI DSS Level 1, SOC 2 Type II |
| Resend | Transactional email delivery | Email address, message content | USA | SOC 2 Type II |
| GitHub | Source control | No customer data; source code only | USA | SOC 2 Type II |

Changes
We notify customers at least 30 days before a material change to this list takes effect, where feasible. Subscribe at privacy@supportstacksystems.com if you want to receive these notices by email.
Contact
Questions about sub-processors: privacy@supportstacksystems.com.