Subprocessors

Last updated: 25 April 2026

Smoothly uses the third-party companies listed below (“Subprocessors”) to help deliver our service. Each Subprocessor is contractually bound to data protection obligations consistent with our Data Processing Agreement.

For details about how we secure customer data, see our Security page.

Subprocessor	Purpose	Region	Privacy Policy
Vercel	Application hosting and edge network	EU / Global	View
Supabase	Authentication and PostgreSQL database	EU	View
Cloudflare	CDN, DNS, and R2 object storage	Global (R2: Western Europe)	View
Anthropic	AI code generation (Claude API)	United States	View
Google (Gemini)	AI image generation (Gemini Flash Image)	United States	View
OpenAI	Optional AI capabilities (text embeddings)	United States	View
Stripe	Payment processing and subscription billing	EU / Global	View
Sentry	Error monitoring and crash reporting	EU	View
PostHog	Product analytics and session replay	EU	View
Modal	Sandboxed code execution containers	United States	View
Customer.io	Lifecycle and transactional email	United States	View
Upstash	Redis cache and rate limiting	EU	View
Axiom	Application logging and observability	EU	View
Temporal Cloud	Workflow orchestration	EU (eu-central-1)	View

International Transfers

Where a Subprocessor is located outside the European Economic Area, transfers are protected by the European Commission's Standard Contractual Clauses and supplementary measures where applicable. Personal data sent to AI providers (Anthropic, Google, OpenAI) is transmitted via API integrations under agreements that prohibit training on customer data.

Updates

We update this list whenever we add or remove a Subprocessor. Customers with an active Data Processing Agreement receive at least 30 days' advance notice of new Subprocessors via email to the technical contact on file. To subscribe to changes, email legal@smoothly.dev.

Questions

For questions about our Subprocessors or data processing arrangements, contact legal@smoothly.dev.