Trust · Subprocessors
Every vendor that touches your data.
Complete list of subprocessors used in delivering the Caseflow service, what each one touches, and links to their own security and privacy documentation. We notify customers at least 30 days before adding or replacing any subprocessor.
Last updated: June 1, 2026 · Subscribe to change notifications
| Vendor | Role | Data touched | Region |
|---|---|---|---|
| Amazon Web Services | Object storage, AI (Rekognition), key management | Customer evidence files + metadata | us-east-1 |
| Neon | Postgres database | Customer account + case metadata | us-east-1 |
| Vercel | Application hosting, edge network | Web requests (TLS-terminated) | Global |
| Clerk | Authentication and identity | Email, name, password hash | us-east-1 |
| Stripe | Payments and subscription billing | Billing contact, payment method | Global |
| Anthropic | AI: summarization (Claude) | Transcripts + extracted text only | US |
| OpenAI (via OpenRouter) | AI: transcription (Whisper) | Audio files for transcription | US |
| PostHog | Product analytics | Anonymized usage events (no PII) | us-east |
| Resend | Transactional email | Recipient email + message content | us-east |
| Sentry | Error monitoring | Error stack traces (no PII) | us-east |
| Upstash | Rate limiting + job queue | Anonymized rate-limit counters | us-east |