Stature
Menu
ProductPricingSecurityWorking noteLog in
Legal

Subprocessors

Last updated: 2026-06-28

Stature engages the third-party service providers below to operate the product and this site. Before a subprocessor processes customer data in production, it is engaged under a data processing agreement (DPA) that governs how that data is handled. We give customers at least 30 days of notice before adding or replacing a subprocessor that processes customer data, with a right to object on reasonable data-protection grounds.

Current subprocessors

| Subprocessor | Purpose | Region | Customer data received | | --- | --- | --- | --- | | Google Cloud Platform | Application hosting, database, cache, secrets, logging, and edge protection | United States (primary); EU on request | All customer data (storage and compute) | | Cloudflare | DNS, edge protection, and the administrative access gateway | Global edge network | Request metadata, IP addresses, blocked-request signatures | | Anthropic | Claude API for answer synthesis and content classification | United States | End-user queries and the retrieved passages used to answer them | | OpenAI | Text embeddings for the retrieval index | United States | Document text submitted for embedding | | Resend | Transactional email (invitations, digests, deletion certificates, and waitlist replies) | United States | Recipient email addresses and message templates | | Stripe | Individual billing: hosted checkout, customer portal, and subscription management | United States | Subscriber email and billing metadata (card data is handled solely by Stripe) | | AssemblyAI | Speech-to-text transcription with speaker separation, when you upload audio or video | United States | The audio or video you upload and the resulting transcript text | | Phyllo | Social and creator-account ingestion, when you connect an account | United States | The connected-account data and content you authorize | | Sentry | Application error tracking, when enabled in production | United States | Scrubbed application errors, with personal data removed before transmission | | Plausible | Cookieless website analytics for stature.cloud | European Union | Aggregate page views only, no cookies and no personal data |

Transcription (AssemblyAI) and social ingestion (Phyllo) run only when you choose to use those features.

Not subprocessors

The following receive no customer personal data and are therefore not subprocessors: source control and continuous integration (GitHub), SOC 2 compliance automation, and internal developer and documentation tools. Single sign-on for administrators is planned for a later phase and will be added here before it processes any customer data.

Changes to this list

This page is the current list of subprocessors. Material changes are announced to customers by email and in the product, per the data processing agreement. Questions can go to [email protected].