§ Legal · sub-processors
Sub-processors.
Last updated · 2 July 2026
Legal Redline uses the following third-party sub-processors to deliver the service. Each handles personal data only on our documented instructions, and we are executing GDPR Art. 28 data-processing agreements (with Standard Contractual Clauses for any EU→US transfer) with every vendor below.
Contract text sent to AI providers is PII-redacted before it leaves our infrastructure, and documents are stored encrypted in the UK/EU. Questions, or want notice of changes to this list? Contact us via the details on our contact page.
| Vendor | Purpose | Personal data processed | Location | DPA |
|---|---|---|---|---|
| Vercel | Application hosting & compute | All application traffic in transit (documents, account data) | London, UK (compute) · global edge | In progress |
| Supabase | Database & document storage | Contracts, documents, account and organization records | London, UK (eu-west-2) | In progress |
| Anthropic | AI contract review (Claude) | Contract text submitted for review (PII redacted before sending) | United States | In progress |
| OpenAI | AI assistance features | Contract text for analysis features (PII redacted before sending) | United States | In progress |
| Stripe | Payments & billing | Billing contact details, payment credentials (held by Stripe) | United States / EU | In progress |
| Resend | Transactional email | Recipient names, email addresses, notification content | United States | In progress |
| OAuth sign-in | Name, email address and profile of users who sign in with Google | Global | In progress | |
| Upstash | Rate limiting (Redis) | Hashed request identifiers (emails/IPs) for abuse protection | Global edge | In progress |
| PostHog | Product analytics | Pseudonymous usage events and product interactions | United States | In progress |
We update this page when a sub-processor is added, replaced or removed. Statuses marked “In progress” reflect agreements currently being executed under our vendor DPA program.