Sub-Processors
This page lists every third-party service provider (a "sub-processor") that TradeProof uses to deliver the Service and that may process customer data on our behalf. We update this list whenever a sub-processor is added, removed, or replaced.
TradeProof operates exclusively in the United States as of April 2026. All sub-processors below host or process data in US data centers. We do not currently transfer customer data outside the US.
Want notifications when this list changes? Email [email protected] with the subject line "Sub-processor notifications" and we will alert you at least 30 days before adding a new sub-processor that processes account-level data.
Required Sub-Processors
These providers are necessary for TradeProof to deliver core Service functionality. Disabling any of them is not currently possible without terminating the account.
| Sub-Processor | Purpose | Data Categories | Region |
|---|---|---|---|
| Google Cloud Platform Privacy |
Compute, hosting, managed PostgreSQL, container orchestration | Account data, license records, audit logs, all customer-stored content | US (us-central1, Iowa) |
| Cloudflare Privacy |
DNS, CDN, DDoS protection, TLS termination, Cloudflare Tunnel | IP addresses, request metadata, user agents | Global edge / US origin |
| Stripe, Inc. Privacy |
Payment processing, subscription billing, invoice generation | Name, email, billing address, payment instrument (handled in Stripe-hosted iframes — TradeProof never receives card data) | US |
| Resend Privacy |
Transactional email delivery (account verification, password reset, alerts, receipts) | Email address, message content | US |
| GitHub Privacy |
Source code hosting, dependency security alerts | No customer data — source code only | US |
Operational Sub-Processors
Used for product operations (error tracking, analytics, support). Customer data exposure is limited and incidental.
| Sub-Processor | Purpose | Data Categories | Region |
|---|---|---|---|
| Sentry Privacy |
Application error tracking and performance monitoring | Anonymized user IDs, request URLs, error stack traces. PII (email, name) is scrubbed before transmission. | US |
| Mercury (Column N.A.) Privacy |
Business banking (TradeProof's own ops only — not customer data) | Not a customer-data processor — listed for transparency | US |
Optional / User-Initiated Sub-Processors
These services only process customer data if the customer explicitly enables an integration. None of them receive any data unless you opt in.
| Sub-Processor | Activation | What is shared | Region |
|---|---|---|---|
| Anthropic (Claude) Opt-in Privacy |
You must connect TradeProof to Claude via the Connectors Directory and authorize via OAuth. See Privacy Policy section 12. | The structured tool calls Claude makes on your behalf (state, license number, business name) and the resulting public license records returned by TradeProof. We do not share your account password, billing info, organization member list, or audit logs. | US |
| Procore Opt-in Privacy |
You must install TradeProof in your Procore company and authorize via OAuth. | Procore vendor records you choose to map to TradeProof watchlist items, your Procore company ID, OAuth tokens (Fernet-encrypted at rest). | US |
Withdrawn / Replaced
Sub-processors that previously appeared on this list but have been removed are tracked here for transparency.
None at this time.
Contact
Questions about a specific sub-processor or want to receive change notifications?
Email [email protected]