Sub-processors
Last updated: April 11, 2026
Effective version: 2026-04-11
This list contains active sub-processors for InQuote and the purpose of processing. The list is designed to keep contractual and operational updates practical and auditable and is referenced from our Privacy Policy and Terms of Service.
| Processor | Purpose | Data Categories | Transfer & Safeguards |
|---|---|---|---|
PostHog EU instance (eu.i.posthog.com) | Usage analytics and AI feature telemetry. | IP-derived hash inputs, user agent, hostname, URL metadata, pageview and `ai_*` event properties. | Account controls and contractual terms in provider agreement. |
Convex Convex cloud regions as provisioned in your deployment. | Application data persistence, auth session data, invoices, quotes, clients, audit and activity logs. | Account records, company and billing metadata, documents, tokens, logs, integration metadata. | Environment security controls and contractual relationship for processor duties. |
Better Auth / Auth stack Configured infrastructure for auth services. | Authentication and identity management. | Auth session data, account tokens, profile identifiers. | Data minimization and role-based access controls. |
Stripe Stripe processing region according to account configuration. | Subscription checkout, invoices, and customer billing portal. | Customer email, subscription identifiers, payment event metadata. | Stripe platform contract and payment security controls. |
Anthropic / OpenAI / OpenRouter Provider endpoint region by model routing and agreement. | AI model inference for chat and document drafting. | Conversation context, document summaries, model settings, optional prompts. | Model provider DPAs and contractual clauses for processing instructions. |
Gmail / Outlook Provider-operated infrastructure. | Sending document notifications, syncing email-related workflows. | Subject/body metadata, recipient addresses, connected account identifiers and tokens. | OAuth consent, encrypted token storage at rest, and revoke workflows. |
Slack / Teams / Notion / Jira / Asana / iManage Provider-operated infrastructure. | Export/share document metadata, create items, or post updates in integrations. | Document IDs, summaries, user-entered fields passed to tool calls. | OAuth scope minimization, signed API calls, encrypted tokens. |
1. Transfer mechanism
For transfers outside the EEA, InQuote relies on the provider-specific safeguards in contracts, adequacy-based settings where applicable, and processor-level restrictions in integration and billing workflows.
2. Updates
We maintain this list as a living register. If any sub-processor changes, this page is updated and linked from the Privacy Policy.