Legal
Subprocessors
Last updated: 2026-06-05
What this page lists
PeerPath uses the third-party services below to run the platform. Each subprocessor handles a specific function and is bound by its own contract with us. We do not allow any subprocessor to use peer-group content for marketing, advertising, or AI-model training.
Current subprocessors
| Subprocessor | Role | Location |
|---|---|---|
| Supabase | Managed Postgres database, authentication, file storage, scheduled jobs (pg_cron). | United States (AWS us-east-1). |
| Vercel | Application hosting (Next.js), routing middleware, scheduled functions, runtime logs. | United States (multi-region edge; serverless functions pinned to a US region). |
| Brevo | Transactional email delivery (sign-in codes, invitations, goal reminders, account notifications), inbound bounce/complaint webhooks. | European Union (operator); messages are routed to recipient mail servers globally. |
Notice before we add new subprocessors
When we add a new subprocessor that will process customer data, we update this page and post a notice at least 30 days before the new subprocessor begins processing. Existing customers may object during that window by writing to support@peerpath.app.
Internal infrastructure (not subprocessors)
The following internal services do not receive peer-group content and are listed for transparency only:
- GitHub (source code, CI logs that contain redacted operational metadata; never customer data).
- Sentry (error tracking) and PostHog (product analytics) are not used in v1. If either is added in a future release, this page and the Privacy Policy will be updated and a 30-day notice will be posted before they go live.
Contact
Questions about subprocessors? Email support@peerpath.app.