Subprocessors
Last updated: June 10, 2026
What this list is
A subprocessor is a third-party vendor Unshared engages that may process customer or end-user personal data to help Unshared provide its services. This list identifies those vendors, the purpose for which they are engaged, the data categories involved, and their processing region. It supports Unshared's transparency and notice obligations under the Data Processing Addendum ("DPA") and applicable privacy laws.
Infrastructure vendors that process only Unshared's own corporate or business data, and do not process customer or end-user personal data on Unshared's behalf, are not subprocessors and are not listed here.
Current subprocessors
| Subprocessor | Service Purpose | Data Categories Processed |
|---|---|---|
| Amazon Web Services | Storage and compute for detection processing | End-user event and device-signal data used for analysis |
| Brevo | Delivery of end-user verification (one-time code) emails | End-user email addresses |
| Cloudflare | CDN, DNS, and edge network for the web application | Network traffic metadata |
| Google Cloud Platform | Compute, event transport, object storage, and operational logging for the core service | End-user event and device-signal data in transit and at rest; operational logs |
| Google Workspace | Support and team email; customer correspondence | Business-contact and support communication data |
| Resend | Delivery of customer-staff authentication and account emails for the dashboard | Customer staff email addresses |
| Stripe | Customer billing and subscription management (no card data stored by Unshared) | Customer billing-contact data, plan, subscription status, invoice and usage records — no end-user data |
| Supabase | Primary hosted databases for the Unshared platform | End-user identifiers (email), device/usage signals, events, verification state; customer account and configuration data |
| Vercel | Hosting for the customer web application / dashboard | Customer account data transiting the application; may include end-user identifiers displayed in the dashboard |
All Unshared-controlled storage and processing occurs in US regions. End-user verification emails are delivered via Brevo, which hosts in the EU.
Privacy-favorable design
- IP geolocation is performed locally. End-user IP addresses are geolocated against a locally hosted database; they are not transmitted to any geolocation vendor.
- No third-party product analytics or monitoring. Unshared does not use third-party analytics, session-replay, error-tracking, or monitoring vendors that receive customer or end-user data; operational logs and metrics are reviewed within Unshared's own cloud infrastructure.
Shadow Mode audits
For a free, time-limited Shadow Mode account-sharing audit, Unshared uses the subset of subprocessors above needed to operate that audit. Because an observational-only Shadow Audit sends no verification emails to end users, Brevo is generally not engaged for end-user data during a Shadow Audit. The authoritative per-engagement list is Schedule 2 of the applicable Data Processing Addendum.
Changes to this list
Unshared will provide notice of material subprocessor changes as required by the applicable DPA or agreement before the change takes effect, and customers may object on reasonable data-protection grounds as described in the DPA. We provide notice by updating this page. Customers that require direct email notice to designated contacts may request it in their DPA or Order Form.