Legal
Subprocessors. Who we let touch your data.
The third-party vendors we engage to help deliver PennyLens. Each is bound by a written DPA, confidentiality terms, and the international transfer instruments listed alongside them. We give 30 days' notice before adding or replacing any name on this list.
Last updated
May 21, 2026
Subscribe to changes by emailing privacy@pennylens.com with the subject “Subscribe to subprocessor updates”. We’ll notify you 30 days before any addition or replacement.
Subprocessor
Purpose
Region
Transfer mechanism
Infrastructure hosting — compute, object storage, queues, encrypted backups.
us-east-1 (N. Virginia, USA). EU/UK residency planned for v1.3.
EU SCCs Module 2 + UK IDTA.
Billing, invoicing, and payment processing. We never store full card numbers.
United States
EU SCCs Module 2 + UK IDTA.
AI insight generation from aggregated, redacted summaries. No End-User PII is sent; we do not send raw recordings. Prompts and completions are retained by Anthropic for up to 30 days under their standard trust-and-safety policy; zero-retention enrollment is on our roadmap and this entry will be updated once it is contractually in effect.
United States
EU SCCs Module 3 (PennyLens as Processor → Sub-Processor) + UK IDTA.
Transactional email delivery — verification, password reset, team invitations, billing notifications, dunning, account-deletion confirmations, and AI insight digests.
United States
EU SCCs Module 2 + UK IDTA.
Application error monitoring with PII scrubbing applied at SDK level.
United States; EU residency option available for Business customers on request.
EU SCCs Module 2 + UK IDTA where applicable.
Changelog
- May 21, 2026Errata corrections reflecting actual production from launch: (1) replaced Postmark with Resend (the transactional email vendor in use since v1.2 shipped); (2) corrected AWS region from the previously listed multi-region set to us-east-1 (N. Virginia) only — EU/UK residency is on the v1.3 roadmap; (3) corrected Anthropic retention disclosure to reflect that prompts and completions are retained up to 30 days under Anthropic's standard trust-and-safety policy, with zero-retention enrollment in progress. Business customers needing EU residency or contractually-enforced zero-retention before then can contact legal@pennylens.com.
- May 20, 2026Page introduced. Initial list reflects subprocessors active as of the v1.2 launch.
Object to a subprocessor?
Business customers may object to a new or replaced subprocessor within the 30-day notice window. We will work with you on an alternative; if none is available, you may terminate the affected portion of the service without penalty and receive a pro-rata refund of any prepaid, unused fees.
Send objections to legal@pennylens.com.