Subprocessors

ArrowISE uses the third-party services below to operate the platform. Each is bound by its standard data-processing terms; ArrowISE itself stores arrangement metadata only — never patient PHI.

Last reviewed: 2026-05-05

Subprocessor	Purpose	Data category	Region
Vercel, Inc. vercel.com	Application hosting + edge serverless functions	Application data	US (multi-region edge)
Supabase, Inc. supabase.com	Postgres database + authentication + storage	Application data	US-East
Resend resend.com	Transactional email (daily digest, onboarding)	Recipient email	US
Upstash, Inc. upstash.com	Redis-backed sliding-window rate limiters	Counters only — no PII	US
Functional Software, Inc. (Sentry) sentry.io	Application error monitoring	Scrubbed errors	US
Stripe, Inc. stripe.com	Subscription billing + customer portal + tax compute	Customer billing	US
Anthropic, PBC anthropic.com	LLM inference for the regulatory watchdog + founder digest crons	Aggregate metadata	US

Notes on data categories

Application data — arrangement metadata, physician identifiers (name, NPI, specialty), audit trail entries. No PHI.
Counters only — Upstash receives integer counters keyed by IP / API-key-hash / user-id, not application data.
Scrubbed errors — Sentry events have a beforeSend hook that strips Authorization + Cookie headers and any extra fields named queryText, narrative, or body. See /security.
Recipient email — Resend receives only the recipient's email + the rendered email body (which itself contains arrangement titles and counts, never compensation amounts or physician PII beyond names).
Customer billing — Stripe is a payment processor; standard PCI-DSS compliance applies. ArrowISE never sees raw card data.

Changes

Material changes to this list (new subprocessor, expanded data category, new region) are announced 15 days in advance via the changelog. Existing customers may object in writing to security@getarrowise.com; objections are reviewed individually.