Legal
Sub-processors
Third-party services we use to run Drupd, what data each one receives, where they host it, and a link to their data processing agreement.
- SupabasePrimary database, authentication, and file storage.Account identifiers, email, hashed passwords, workspace records (clients, invoices, line items, payments), uploaded logos and signatures, session tokens.European Union (AWS eu-west-1, Ireland).
- CloudflareEdge hosting (Workers), CDN, Hyperdrive connection pooling, Turnstile bot mitigation, R2 PDF storage.Request metadata (IP address, user agent, country code), generated invoice PDFs, Turnstile verification tokens.Global edge network; R2 data hosted in Cloudflare's distributed storage.
- ResendTransactional email delivery (invoice sends, notifications, auth emails).Recipient email address, sender identity, email subject and body, delivery metadata.United States.
- PolarSubscription billing, checkout, and customer portal.Billing email, payment method metadata (card brand, last 4, not full PAN), subscription state, invoice amounts from the billing flow.United States.
- PostHogProduct analytics: understanding feature usage. Gated behind cookie consent (opt-in required in EU/UK/CH/BR/CA).Anonymous distinct ID, URL path, user agent, country code (from IP, then IP discarded), account identifier for signed-in users.United States (us.i.posthog.com). Traffic is proxied through t.drupd.com (Cloudflare Workers) to reduce ad-blocker breakage.
- SentryError and performance monitoring. Gated behind cookie consent.Error stack traces, user agent, URL of the failing request, account identifier for signed-in users. Session Replay captures a visual reproduction of the page when an error occurs (form inputs are masked; other on-screen text, including invoice and client details, may be recorded).United States (sentry.io).
Purpose
Primary database, authentication, and file storage.
Data
Account identifiers, email, hashed passwords, workspace records (clients, invoices, line items, payments), uploaded logos and signatures, session tokens.
Region
European Union (AWS eu-west-1, Ireland).
Purpose
Edge hosting (Workers), CDN, Hyperdrive connection pooling, Turnstile bot mitigation, R2 PDF storage.
Data
Request metadata (IP address, user agent, country code), generated invoice PDFs, Turnstile verification tokens.
Region
Global edge network; R2 data hosted in Cloudflare's distributed storage.
Purpose
Transactional email delivery (invoice sends, notifications, auth emails).
Data
Recipient email address, sender identity, email subject and body, delivery metadata.
Region
United States.
Purpose
Subscription billing, checkout, and customer portal.
Data
Billing email, payment method metadata (card brand, last 4, not full PAN), subscription state, invoice amounts from the billing flow.
Region
United States.
Purpose
Product analytics: understanding feature usage. Gated behind cookie consent (opt-in required in EU/UK/CH/BR/CA).
Data
Anonymous distinct ID, URL path, user agent, country code (from IP, then IP discarded), account identifier for signed-in users.
Region
United States (us.i.posthog.com). Traffic is proxied through t.drupd.com (Cloudflare Workers) to reduce ad-blocker breakage.
Purpose
Error and performance monitoring. Gated behind cookie consent.
Data
Error stack traces, user agent, URL of the failing request, account identifier for signed-in users. Session Replay captures a visual reproduction of the page when an error occurs (form inputs are masked; other on-screen text, including invoice and client details, may be recorded).
Region
United States (sentry.io).
We only share the minimum data each processor needs to do its job. We do not sell your data, and we do not use it for cross-context advertising.
International transfers from the EU/UK/Switzerland rely on the European Commission's Standard Contractual Clauses (SCCs), which are referenced in each processor's DPA above. We notify customers by email before adding a new sub-processor that has access to customer personal data.
Questions: privacy@drupd.com.