Last updated: May 7, 2026
Below is the list of sub-processors that process personal data on our behalf. We rely on each vendor's published commercial data-protection terms (which typically incorporate Standard Contractual Clauses or Data Privacy Framework certification where the vendor offers them) for international transfers, rather than separately negotiated agreements.
| Sub-Processor | Purpose | Location | DPA Status |
|---|---|---|---|
| Supabase Inc. | Database hosting, authentication, and file storage | United States (AWS) | Vendor's standard commercial DPA terms apply |
| Cloudflare Inc. | Content delivery, DDoS protection, DNS, and email routing | Global (edge network) | Vendor's standard commercial DPA terms apply |
| Resend Inc. | Transactional email delivery | United States | Vendor's standard commercial DPA terms apply |
| Stripe Inc. | Payment processing (card details are not stored by Signatura) | United States | Vendor's standard commercial DPA terms apply |
| Anthropic PBC | AI document analysis for Auto-Sign (opt-in only; not retained by Anthropic; results cached on Signatura infrastructure for up to 1 hour, then deleted) | United States (AWS) | Vendor's standard commercial DPA terms apply (includes SCCs for EU/UK transfers) |
We will update this page and notify account holders at least 30 days before engaging any new sub-processor. If you have concerns about a sub-processor, contact us at privacy@getsignatura.com.
See also our Privacy Policy and our Data Processing Addendum.