Legal

Subprocessors

Last updated: June 10, 2026

What this list is

A subprocessor is a third-party vendor Unshared engages that may process customer or end-user personal data to help Unshared provide its services. This list identifies those vendors, the purpose for which they are engaged, the data categories involved, and their processing region. It supports Unshared's transparency and notice obligations under the Data Processing Addendum ("DPA") and applicable privacy laws.

Infrastructure vendors that process only Unshared's own corporate or business data, and do not process customer or end-user personal data on Unshared's behalf, are not subprocessors and are not listed here.

Current subprocessors

SubprocessorService PurposeData Categories Processed
Amazon Web ServicesStorage and compute for detection processingEnd-user event and device-signal data used for analysis
BrevoDelivery of end-user verification (one-time code) emailsEnd-user email addresses
CloudflareCDN, DNS, and edge network for the web applicationNetwork traffic metadata
Google Cloud PlatformCompute, event transport, object storage, and operational logging for the core serviceEnd-user event and device-signal data in transit and at rest; operational logs
Google WorkspaceSupport and team email; customer correspondenceBusiness-contact and support communication data
ResendDelivery of customer-staff authentication and account emails for the dashboardCustomer staff email addresses
StripeCustomer billing and subscription management (no card data stored by Unshared)Customer billing-contact data, plan, subscription status, invoice and usage records — no end-user data
SupabasePrimary hosted databases for the Unshared platformEnd-user identifiers (email), device/usage signals, events, verification state; customer account and configuration data
VercelHosting for the customer web application / dashboardCustomer account data transiting the application; may include end-user identifiers displayed in the dashboard

All Unshared-controlled storage and processing occurs in US regions. End-user verification emails are delivered via Brevo, which hosts in the EU.

Privacy-favorable design

  • IP geolocation is performed locally. End-user IP addresses are geolocated against a locally hosted database; they are not transmitted to any geolocation vendor.
  • No third-party product analytics or monitoring. Unshared does not use third-party analytics, session-replay, error-tracking, or monitoring vendors that receive customer or end-user data; operational logs and metrics are reviewed within Unshared's own cloud infrastructure.

Shadow Mode audits

For a free, time-limited Shadow Mode account-sharing audit, Unshared uses the subset of subprocessors above needed to operate that audit. Because an observational-only Shadow Audit sends no verification emails to end users, Brevo is generally not engaged for end-user data during a Shadow Audit. The authoritative per-engagement list is Schedule 2 of the applicable Data Processing Addendum.

Changes to this list

Unshared will provide notice of material subprocessor changes as required by the applicable DPA or agreement before the change takes effect, and customers may object on reasonable data-protection grounds as described in the DPA. We provide notice by updating this page. Customers that require direct email notice to designated contacts may request it in their DPA or Order Form.