Trust · Subprocessors

Subprocessors

To deliver the service we use the third-party providers below. The substance of your signed documents and signer data is stored in Canada; some providers process limited technical data elsewhere.

Provider	Purpose	Data processed	Primary region
Amazon Web Services (AWS)	Managed PostgreSQL (RDS) and core cloud infrastructure	Encrypted structured data at rest	Canada (ca-central-1)
Cloudflare R2	Document (PDF) object storage	Original and sealed document files	Canada
Stripe	Payment processing	Name, email, billing address, amount	United States
SendGrid	Transactional email delivery	Email address, envelope status	United States
Twilio	SMS one-time-passcode delivery (when enabled)	Phone number, OTP code	United States
MaxMind	IP geolocation for the audit trail	IP address	United States
DigiCert	RFC 3161 trusted timestamping	Document hash (no personal data)	United States
Sentry	Application error monitoring	Diagnostic/error data	United States
Google Analytics	Aggregate website usage analytics	Anonymized session data	United States

How we manage subprocessors

Each provider is engaged only for the purpose listed and is contractually expected to protect the data it handles and to use it solely to provide its service to us. We aim to minimize the data shared with each — for example, timestamping receives only a document hash, not the document itself.

Changes to this list

This list may change as our infrastructure evolves. We will update this page when we add or remove a subprocessor that handles personal data. For the broader picture, see our data residency and privacy policy pages, or contact us with questions.