Subprocessors and Service Providers

Overview

Last updated: May 27, 2026

AgencyScope uses the providers below to operate the service, process payments, deliver emails, host infrastructure, measure product reliability, and run AI visibility workflows. This page supplements our Privacy Policy.

Customers may contact [email protected] for data processing questions, security questions, or DPA requests.

Current providers

ProviderRole / TypePurposeData categories

Supabase

Infrastructure subprocessor

Authentication, database, storage, and account records

Account details, workspace data, brand configuration, prompts, competitor names, run metadata, raw AI responses, structured prompt results, report metadata, generated report files, uploaded assets, and service records

Railway

Hosting and compute subprocessor

Application hosting, background workers, and service runtime

Application traffic, runtime logs, job metadata, and operational diagnostics

Cloudflare

Security, CDN, and analytics service provider

DNS, security, delivery, performance, bot protection, and operational analytics

IP address, request metadata, device/browser metadata, security events, and aggregated traffic diagnostics

Creem

Merchant of Record and payment service provider

Merchant of Record payment processing, tax, invoices, refunds, and chargeback handling

Billing contact details, checkout metadata, subscription status, invoice and payment records

OpenAI

AI model subprocessor

ChatGPT visibility checks and report insight generation

Prompts, brand context, competitor names, answer excerpts, run metadata, and report inputs needed for ChatGPT checks and report insight generation

Google Gemini

AI model subprocessor

Gemini visibility checks

Prompts, brand context, competitor names, run metadata, and generated responses needed for Gemini visibility checks

Perplexity

AI/search model subprocessor

Perplexity / Sonar visibility checks and answer retrieval

Prompts, brand context, competitor names, run metadata, generated responses, and citation/search context needed for Perplexity visibility checks

Resend

Email delivery subprocessor

Transactional email delivery

Email address, message metadata, and email content for account, support, billing, and product notifications

Not every provider receives every category of data. AgencyScope shares Customer Data with each provider only as needed to operate the relevant feature, including authentication, hosting, payment processing, email delivery, AI visibility checks, report generation, storage, security, support, and service operations.

Confidential data

Customer Content is processed to provide the Service and is not sold.

Prompts, brand context, competitor names, uploaded assets, answer excerpts, report inputs, and generated report content may be processed by third-party AI providers when you run checks or generate reports. Do not submit secrets, credentials, regulated data, special-category personal data, or client confidential information unless you have the right to process it through AgencyScope and its providers.

AI provider use

When customers run AI visibility checks or generate report insights, AgencyScope may send prompts, brand context, competitor names, answer excerpts, run metadata, and report inputs to selected AI providers. Where supported by the applicable provider terms and account settings, AgencyScope configures AI provider usage so Customer Content is not used to train foundation models. Provider-specific retention, abuse monitoring, and security processing may still apply under the relevant provider terms.

Subprocessor changes

AgencyScope may update this list from time to time. If we add or replace a provider that materially changes how Customer Data is processed, we will update this page and, where required by applicable law or a signed agreement, provide prior notice to affected customers.

Customers with a signed data processing agreement may object to a new subprocessor as described in that agreement.

Email provider scope

Resend does not receive customer prompts, raw AI responses, or generated reports unless such content is included in an email notification or support request.

Contact

For privacy, subprocessor, or DPA questions, contact [email protected].