Legal & Compliance
Third-Party Subprocessor Manifest
In accordance with GDPR Art. 28 and enterprise risk management standards, this manifest provides real-time transparency into the third-party entities that process data on behalf of TSmithCode.ai.
Vercel Inc.
United States
Service Purpose
Hosting, Global CDN, and Performance Telemetry
Data Categories
Request metadata, IP addresses (temporary), edge logs
Stripe, Inc.
United States
Service Purpose
Payment Processing and Fraud Prevention
Data Categories
Billing details, transactional data, payment tokens
Upstash, Inc.
United States / EU
Service Purpose
Global Rate Limiting and API Security
Data Categories
Rate-limit keys, anonymized request hashes
Supabase (PostgREST)
United States (AWS Region)
Service Purpose
Database Storage and Authentication Services
Data Categories
User profiles, proof receipts, engagement telemetry
Privacy-by-Design Commitment
TSmithCode.ai maintains a "Least Privilege" integration model. We do not sell data to subprocessors, and we enforce encrypted transit (TLS 1.3) and encrypted rest (AES-256) standards across all service boundaries.