Sub-processors
Last updated: July 2026 — the third parties that help us run AgentCorp.
Who we work with
To deliver AgentCorp we rely on a limited set of vetted sub-processors. Each is engaged under a written agreement that requires it to process data only on our documented instructions and to maintain appropriate technical and organizational safeguards. The table below lists every sub-processor we currently use, what it does, where it primarily processes data, and whether it may process customer personal data.
| Name | Purpose | Location | Personal data? |
|---|---|---|---|
| Clerk | Authentication & user identity | United States | Yes |
| Supabase | Primary database & file storage | United States | Yes |
| Railway | Application hosting & compute | United States | Yes |
| Stripe | Payments, subscriptions & invoicing | United States | Yes |
| Anthropic | Primary AI model processing (Claude) | United States | Yes |
| xAI (Grok) | Secondary AI model processing (marketing agent) | United States | Yes |
| Twilio | WhatsApp / SMS messaging channel | United States | Yes |
| Customer.io | Lifecycle & transactional email | United States | Yes |
| Intercom | In-product customer support messaging | United States | Yes |
| PostHog | Product analytics (consent-gated) | United States | Yes |
| Sentry | Error & performance monitoring | United States | No |
| Arize | AI output observability & evaluation | United States | No |
Change notice
We will provide at least 14 days' notice before adding a new sub-processor or replacing an existing one that processes personal data, giving you time to review the change. Customers with an active Data Processing Agreement may object to a new sub-processor on reasonable data-protection grounds as described in the DPA.
Objections and questions
To raise an objection or ask a question about a sub-processor, contact our privacy team at privacy@agentcorp.work. See our Data Processing Agreement for the full contractual terms.
Privacy questions? Email privacy@agentcorp.work