Summary
Quick reference of all subprocessors.
| Subprocessor | Purpose | Region | Certifications |
|---|---|---|---|
| Supabase | Database & authentication | US East (Virginia) | SOC 2 Type II |
| Anthropic | AI language model | US | SOC 2 Type II |
| Stripe | Payment processing | US | PCI DSS Level 1, SOC 2 Type II |
| AWS | Webhook & automation workers | US East (us-east-1) | SOC 2 Type II, ISO 27001 |
| Vercel | Application hosting & edge network | US East (iad1), global edge | SOC 2 Type II |

Supabase
Persistent database and authentication infrastructure.

Supabase provides the PostgreSQL database and authentication layer that powers FlowPilot. All persistent application data is stored here, protected by Row-Level Security policies that enforce strict organization isolation.

Data Received

  • User accounts and authentication
  • Organization settings and membership
  • AI conversation logs and metadata
  • Automation rules and execution history
  • Encrypted FPT credentials (AES-256-GCM)

Data Classification

  • Persistent — retained while account is active
  • Row-Level Security enforces org isolation
  • SOC 2 Type II compliant
  • All data encrypted at rest and in transit

Data Region

  • US East (Virginia)
  • All data at rest resides in this region

Retention After Cancellation

  • Account data permanently deleted upon account deletion request via cascade delete
  • Encrypted FPT credentials deleted immediately on disconnection

Supabase Privacy Policy

Anthropic
Large language model provider for AI-powered features.

Anthropic provides the Claude language model that translates natural language queries into Flow PT API calls. The model operates on schema metadata only — it generates queries but never sees your production data or query results.

Data Received

  • Natural language queries (anonymized)
  • FPT schema metadata (entity types, field names)
  • API capability descriptions

Not received: production FPT data, credentials, or file contents

Data Classification

  • Transient — Anthropic may retain inputs for up to 7 days per their API terms
  • Not used for model training under API terms
  • Client project names anonymized via AI Privacy Mode

Data Region

  • US (API requests processed in the United States)

Retention After Cancellation

  • No persistent data stored by Anthropic on our behalf
  • Transient API data subject to Anthropic’s 7-day retention window

Structural data separation: FlowPilot’s AI architecture structurally prevents production data from reaching Anthropic. The LLM generates API queries from schema metadata only — it never sees query results or your actual FPT data.

Anthropic Privacy Policy

Stripe
Payment processing and subscription management.

Stripe handles all payment processing and subscription billing for FlowPilot. Raw payment card data is collected and stored entirely by Stripe — it never touches FlowPilot servers.

Data Received

  • Billing contact information (name, email)
  • Payment method tokens (Stripe handles raw card data)
  • Subscription status and plan information
  • Invoice history

Data Classification

  • Persistent — retained while subscription exists
  • Raw payment card data never touches FlowPilot servers
  • PCI DSS Level 1 compliant
  • SOC 2 Type II compliant

Data Region

  • US (primary processing in the United States)

Retention After Cancellation

  • Billing records retained by Stripe per financial regulations
  • Payment methods removed when subscription is cancelled

Stripe Privacy Policy

Amazon Web Services (AWS)
Webhook processing and automation worker infrastructure.

AWS hosts the webhook worker infrastructure that processes Flow Production Tracking events for FlowPilot’s automation features. Event payloads from FPT are received, matched against automation rules, and discarded after processing.

Data Received

  • FPT webhook event payloads (entity changes, status updates)
  • Task and shot metadata (names, statuses, assignments)
  • Automation rule execution context

Not received: user credentials, file contents, or media assets

Data Classification

  • Transient — event payloads processed and discarded
  • No persistent FPT data stored on AWS infrastructure
  • SOC 2 Type II and ISO 27001 compliant

Data Region

  • US East (us-east-1, N. Virginia)
  • EC2 instances in a single region, no cross-region replication

Retention After Cancellation

  • No persistent customer data stored
  • Webhook processing stops immediately when automations are disabled

AWS Privacy Policy

Vercel
Application hosting, serverless functions, and edge network.

Vercel hosts the FlowPilot web application and serverless API functions. HTTP requests transit through Vercel’s global edge network for TLS termination and routing, then execute in the primary deployment region.

Data Received

  • HTTP requests and responses (application traffic)
  • Serverless function execution (API routes)
  • Deployment artifacts (application code, not customer data)
  • Environment secrets (encryption keys, API keys)

Data Classification

  • Transit — requests pass through, not stored
  • Environment secrets stored encrypted at rest
  • SOC 2 Type II compliant
  • All traffic encrypted in transit (TLS 1.2+)

Data Region

  • US East (iad1, Washington D.C.) for serverless functions
  • Global edge network for static assets and TLS termination

Retention After Cancellation

  • No customer data persisted by Vercel
  • Application deployments removed when account is closed

Vercel Privacy Policy

Questions?
We're here to help.

If you have questions about our subprocessors or need additional information for your organization’s vendor review, please reach out to us at support@flowpilot.studio.

Data Processing Agreement

Our Data Processing Agreement (DPA) covers FlowPilot’s use of the subprocessors listed on this page, including processing details, security measures, and your audit rights. A downloadable PDF is available from the DPA page.

Change Notification

We will provide at least 30 days’ notice before adding new subprocessors or making material changes to existing ones. Notifications will be sent to the billing email address on file for your organization.

See also our Privacy Policy, Terms of Service, and Security pages.