RAgencyOS · Legal

Subprocessor List

Effective
May 31, 2026
Last revised
May 31, 2026
Version
2026.05.31
Issued by
RAgencyOS, ragencyos.com
The short version

These are the third-party services that touch your data so we can run the Service. Each one is bound by its own privacy and security commitments. We give 15 days’ advance notice by email before adding a new one. Want to be notified when this list changes? Email support@ragencyos.comwith the subject “Subscribe to subprocessor changes.”

1.Current subprocessors

VendorPurposeRegionPrivacy
Supabase
Primary database, file storage, magic-link authentication
Account info, agency operating data, agent personal info, sensitive document storage (W-9, photo ID), communications metadata, time-tracking, audit log
United StatesView →
Vercel
Application hosting, serverless functions, edge serving
Request logs, application code, environment configuration
United StatesView →
Cloudflare
DNS and content delivery network
Request metadata (IP, user-agent, timing), static assets
Global edgeView →
Resend
Outbound transactional email delivery
Recipient email addresses, email body and metadata, delivery status
United StatesView →
Google
Optional · opt-in
Google Drive file sync, only when Customer opts in
Uploaded files (statements, exports) that Customer chooses to back up
Per Customer Google accountView →
Telegram
Optional · opt-in
Team chat bot integration, only when Customer configures it
Messages routed between the Service and Customer team chat, sender Telegram identity for tagged-message analytics
Telegram global infrastructureView →

2.Change notification

When we add a new subprocessor that processes Customer Personal Data, we will give subscribed account owners at least 15 days’ advance notice by email before the change takes effect, where reasonable. Customers may object during that window per Data Processing Addendum §7.

To subscribe to subprocessor change notifications, email support@ragencyos.comwith subject “Subscribe to subprocessor changes.”

3.What this list is, and isn't

This list includes third parties that process Customer Personal Data on our behalf as part of the Service. It does not include:

  • Tools we use internally that never receive Customer Personal Data (e.g. our payroll provider for our own staff, our accounting software, our code repository).
  • Tools Customers connect via OAuth or API outside the Service (e.g. a Customer’s payroll processor like ADP, Gusto, or Paychex). Those are direct relationships between the Customer and the provider; we have no access.
  • The Customer’s own end users or downstream service providers.

4.Contact

Subprocessor questions or change-subscription requests:

This document is provided in good faith and reflects RAgencyOS’s current practices as of the effective date shown above. It does not constitute legal advice. For questions, please contact support@ragencyos.com.

— RAgencyOS