Subprocessor List
Last updated: April 28, 2026
This page lists the third-party service providers ("subprocessors") that QuantegyAI uses to operate the Services. We update this list when material changes occur. Institutional customers receive at least thirty days' advance written notice of any intended addition or replacement of a subprocessor. Each subprocessor is bound by a written agreement that imposes obligations equivalent to those in our Privacy Policy and our institutional Data Processing Addendum.
| Function | Subprocessor | Country | Categories of data |
|---|---|---|---|
| Application hosting and continuous deployment | Netlify, Inc. | United States | HTTP request logs, deploy artefacts |
| Database, authentication, edge functions | Supabase, Inc. | United States | All processed data: account info, learning interactions, audit events |
| Payment processing | Stripe, Inc. | United States | Customer ID, subscription ID, billing email, payment metadata. Card data never reaches QuantegyAI. |
| Error monitoring | Functional Software, Inc. d/b/a Sentry | United States | Stack trace, request correlation ID, optional user ID hash |
| Domain registration and DNS | GoDaddy.com, LLC | United States | Domain administrative contact only; no user data |
Notes
Hosting and database. The application is deployed on Netlify; user-account data, progress, audit events, and Edge Functions live in Supabase. The selection of these subprocessors materially affects data residency; both currently operate in United States regions.
Email. Transactional email (verification, password reset, billing notices) is delivered through Supabase Auth's email pipeline. Marketing email is out of scope.
Stripe. Card data, CVV, and expiration date are entered directly into Stripe's hosted Checkout page; QuantegyAI receives only customer and subscription identifiers and the billing email. We retain those identifiers to apply entitlements and to process refunds.
Sentry. Active when configured. Scrubbing rules at the SDK level remove form values, headers, and cookies; only stack trace and correlation ID are forwarded.
Change log
April 28, 2026 — Initial public list.