Supabase
Privacy policy ↗- Purpose
- Hosted Postgres database, authentication, Realtime, edge functions, cron jobs
- Region
- Frankfurt, Germany (eu-central-1)
- Data accessed
- All Customer Data (audit events, approvals, tools, policies, users)
Legal · Sub-processors
Sub-processors
Pliuz uses the following sub-processors to deliver the service. Any addition triggers a 30-day notice to existing customers (via email and updates to this page).
Cloudflare
Privacy policy ↗- Purpose
- DNS, CDN, DDoS protection for marketing site and app endpoints
- Region
- Global edge (no Customer Data stored)
- Data accessed
- IP addresses, request metadata for caching and security
Slack
Privacy policy ↗- Purpose
- Approval notifications, interactive buttons, DM routing (only if Customer enables Slack integration)
- Region
- US (Slack default infrastructure)
- Data accessed
- Approval request summary, approver Slack user IDs, channel IDs
Vercel
Privacy policy ↗- Purpose
- Hosting for marketing site (pliuz.com) and Next.js app (app.pliuz.com)
- Region
- EU (Frankfurt) for app routes; global edge for static marketing
- Data accessed
- Request metadata only. Customer Data is fetched at request time from Supabase (EU), never stored on Vercel.
Plausible Analytics
Privacy policy ↗- Purpose
- Cookie-free analytics on marketing site only (no app routes tracked)
- Region
- EU (Frankfurt)
- Data accessed
- Aggregated page views, referrers, country (no IP retention, no cookies, no fingerprinting)
Resend
Privacy policy ↗- Purpose
- Transactional and waitlist email delivery (double opt-in confirmation, launch and early-access notices)
- Region
- EU (Ireland, eu-west-1)
- Data accessed
- Recipient email address and the content of the email sent (no audit payloads, no Customer Data)
Last updated: 2026-06-01. Subscribe to changes by emailing founder@pliuz.com with subject "Subscribe sub-processor updates" — we will email any addition 30 days before it goes live.