Subprocessor List
OfiFlow Subprocessor List
OfiFlow uses the third-party services below ("Subprocessors") to deliver the OfiFlow platform. This list is current as of the effective date above. We notify customers in writing at least 30 days before adding a new Subprocessor that processes Customer Personal Data, per the Data Processing Addendum (DPA).
To receive change notifications by email, send a request to legal@ofiflow.com.
Active subprocessors
| # | Subprocessor | Role | Data processed | Region | Notes |
|---|---|---|---|---|---|
| 1 | Supabase, Inc. | Database, authentication, file storage, realtime sync | All Customer Data: tenants, users, drivers, loads, contracts, communications, audit logs, file uploads | United States (AWS us-west-2, Oregon) |
Primary data store. Postgres with row-level security. Encryption at rest (AES-256) and in transit (TLS 1.2+). Supabase DPA. |
| 2 | Vercel Inc. | Application hosting, edge network, AI request gateway | Application code, request/response logs (no Customer Data persisted); LLM prompts/responses transit through AI Gateway | United States | Next.js hosting + AI Gateway proxies model calls to Google Vertex AI. Vercel DPA. |
| 3 | Inngest, Inc. | Workflow orchestration and background job execution | Event payloads (driver events, load updates, agent invocations) | United States | Event durability ~30 days. Inngest privacy. |
| 4 | Google LLC (Google Cloud / Vertex AI) | LLM inference for OCR, classification, summarization, ranking | LLM prompts and responses (may include extracted ticket text, driver message text, contract clauses). No data is used for model training. | United States (BYOK service account; multi-region deployment) | Accessed via Vercel AI Gateway with customer-owned BYOK GCP service account. Google Cloud DPA. |
| 5 | Twilio Inc. | SMS fallback channel for driver communications | Driver phone numbers, SMS message body | United States | Used as fallback when WhatsApp delivery is unavailable. Twilio DPA. |
| 6 | Meta Platforms Inc. (WhatsApp Business) | Primary driver communication channel | Driver phone numbers, message body, media attachments (e.g. ticket photos) | United States (international routing possible) | Required for primary driver comms flow. Meta business terms. |
| 7 | Sentry (Functional Software, Inc.) | Error tracking and performance monitoring | Stack traces, error metadata, internal user IDs (no driver phone or customer billing data) | United States | Free tier ≤5,000 events/mo. Sentry DPA. |
| 8 | Resend Inc. | Transactional email delivery | Recipient email address, email subject + body | United States | Used for invitations, password resets, billing notifications. Resend DPA. |
(Note: PostHog Inc. was previously listed as Subprocessor 8 for product analytics. Retired 2026-04-29 — Vercel Analytics, bundled with the Vercel Pro plan we already use as Subprocessor 1, covers Web Vitals + product telemetry without a separate processor. Vercel Inc.'s data-processing terms cover this analytics processing under the same Vercel DPA.)
Conditional subprocessors (used when feature enabled)
| # | Subprocessor | Role | Triggered when | Region |
|---|---|---|---|---|
| 10 | Langfuse GmbH (Cloud) | LLM trace logging (prompts, responses, latency, cost) | Enabled per-tenant via LANGFUSE_PUBLIC_KEY env. Off by default in V1. |
European Union (Frankfurt) — opt-in only |
| 11 | Stripe, Inc. | Subscription billing, invoicing, payment processing | Activated when first paying customer subscribes. Card data never touches OfiFlow infrastructure (Stripe-hosted). | United States. Stripe DPA. |
| 12 | Modal Labs, Inc. | Python runtime for specialized agent workloads | Activated only when an agent requires Python libraries unavailable in the TypeScript stack. Not used in V1 default configuration. | United States. Modal terms. |
| 13 | Google LLC (Gmail API) | Per-tenant inbound email ingestion | Customer connects their Gmail workspace via OAuth (Mail.Read scope). Stored OAuth refresh token tenant-scoped. |
United States. Same Google DPA as row 4. |
| 14 | Microsoft Corporation (Microsoft Graph) | Per-tenant inbound email ingestion (Outlook) | Customer connects their Microsoft 365 workspace via OAuth (Mail.Read, Mail.Read.Shared). |
United States. Microsoft DPA. |
Development-only services (not used in production processing)
These services receive no Customer Personal Data in production deployments. They are listed here for transparency only.
| Service | Role | Notes |
|---|---|---|
| xAI / Grok | Development-only LLM provider | Replaced by Google Vertex AI / Gemini in production. No Customer Data flows to xAI in production. |
Data residency summary
All Customer Data at rest is stored in the United States (AWS us-west-2, Oregon). Some processing transits through United States cloud infrastructure (Vercel edge network, Google Cloud, Meta WhatsApp). One opt-in service (Langfuse) runs in the European Union; tenants must explicitly enable it via environment configuration.
How we add or change subprocessors
- New subprocessor candidate is evaluated per
internal/subprocessor-onboarding.md(vendor SOC 2 or equivalent, signed DPA, data-flow diagram). - We notify customers via email at least 30 days in advance of activating a new Subprocessor that processes Customer Personal Data.
- Customers who object in writing within 14 days of notice may terminate the affected services without penalty per the DPA termination clause.
Contact
Questions about this list, change notifications, or to object to a specific Subprocessor: legal@ofiflow.com
Change history
- 2026.04.25-1 — Initial list. 9 active subprocessors + 5 conditional. xAI/Grok marked development-only.