Legal & trust

Sub-processors

Third-party services InSitue uses to deliver the Cloud product. Each vendor, what data they receive, where they store it, and how to read their own privacy posture.

Last updated · 2026-05-27 · v0.4 · pre-launch
Pre-counsel summary. This page describes the operational contract today. Full counsel-reviewed copy replaces this before paid launch. Need a redlined version now? Email support@insitue.com.

Scope

The list below covers InSitue Cloud only — the SaaS autopilot at app.insitue.com. The local dev tool ships zero data to InSitue and uses the developer's own claude CLI session; none of these sub-processors touch dev-tool traffic.

Sub-processor list

  • Anthropic, PBC · privacy policy ↗
    Purpose. Claude inference — the autopilot's investigation, edits, and verify.
    Data processed. Capture bundle text (user note, console, errors, DOM), screenshots, repo context excerpts, agent transcripts. API calls run with zero data retention.
    Region. United States (regions vary by capacity).
  • Vercel Inc. · privacy policy ↗
    Purpose. Hosting (cloud app + marketing) and ephemeral Sandbox microVMs that execute the per-run customer build.
    Data processed. App request logs, runtime metrics. Per-run microVMs clone customer source on demand and are destroyed at end of run — nothing is persisted by Vercel beyond the lifetime of the microVM.
    Region. Hosting region: Sydney (syd1, AWS ap-southeast-2). Sandbox microVMs: same region as the cloud app.
  • Neon, Inc. · privacy policy ↗
    Purpose. Managed Postgres backing the InSitue dashboard — reports, runs, integrations metadata, agent transcripts, verify logs.
    Data processed. Capture bundles (text fields token-scrubbed at ingest; screenshots / DOM persisted as captured), agent transcripts, run state, organisation + user identity. Point-in-time recovery enabled.
    Region. AWS ap-southeast-2 (Sydney).
  • GitHub, Inc. · privacy policy ↗
    Purpose. Customer-side identity (OAuth) for the dashboard and the GitHub App that pushes fix PRs into customer repos.
    Data processed. GitHub login + email for dashboard identity; commits + branches pushed to repos the customer explicitly granted to the InSitue GitHub App. No data flows back from customer repos to InSitue beyond what the autopilot read during the run.
    Region. United States (global edge).
  • Stripe Payments Australia Pty Ltd · privacy policy ↗
    Purpose. Billing, metered usage, and tax invoicing.
    Data processed. Billing email, billing address, plan/usage records. Payment card data is collected directly by Stripe via Stripe Elements — card numbers never touch InSitue's servers.
    Region. Stripe Australia (PCI DSS Level 1). Global Stripe infrastructure for redundancy.
  • Purpose. Transactional email — PR opened, quota alerts, daily digest, account notifications.
    Data processed. Recipient email + plain-text and HTML message bodies.
    Region. United States (with EU region available).
  • Purpose. Error tracking and performance telemetry on the cloud app only.
    Data processed. Server-side stack traces, request paths, anonymous user IDs. NOT customer source code, NOT capture bundles, NOT screenshots.
    Region. United States (global edge).

How we add new sub-processors

We update this page before a new sub-processor begins processing customer data. If you have a contractual right to a notice window (typically 30 days), the executed DPA governs — email privacy@insitue.com to subscribe to change notifications, or watch this page's commit history ↗ on GitHub.

How to object

Customers under an executed DPA may object to a new sub-processor on reasonable grounds. Email privacy@insitue.com with the specific vendor and reason; we'll work with you on a remediation path or, where the sub-processor is load-bearing for the service, a termination right per the DPA.

Vendor security questionnaire

Need a vendor security questionnaire (SIG, CAIQ, custom)? Email support@insitue.com and we'll send our standard pack or a turnaround on your template.
