Sub-processors
Last updated · 24 May 2026
Pointnode Ltd uses the following sub-processors to deliver the Pointnode platform. Each is engaged under a written data-processing agreement and only processes Customer data to provide the service.
We notify org admins by email at least 30 days before adding or replacing a sub-processor. Customers may object before the change takes effect; if a workable alternative cannot be agreed, the Customer may terminate without penalty.
Current sub-processors
| Provider | Purpose | Data processed | Region | Transfer mechanism |
|---|---|---|---|---|
| Supabase Inc. Privacy · DPA | Postgres database, authentication, file storage, edge functions, realtime subscriptions | All Customer data — accounts, audit log, telemetry, configuration, uploads | EU (eu-west-1, Ireland) | Within UK / EEA — no transfer mechanism required |
| Vercel Inc. Privacy · DPA | Cloud dashboard hosting and CDN | Web request logs (IP, user-agent, path); no application data persisted on Vercel | Multi-region (edge); EU primary | SCCs / IDTA in Vercel DPA |
| Fly.io Inc. Privacy · DPA | MQTT-to-database ingest service hosting (pointnode-ingest app), with a persistent volume for the disk-spool retry buffer | Asset telemetry in transit; transient retry-buffer contents on disk | London (lhr) | Within UK — no transfer mechanism required |
| HiveMQ GmbH Privacy · DPA | MQTT broker for asset telemetry transport | Asset telemetry in transit (machine data, no personal data) | EU (Frankfurt) — confirm cluster region with Customer on request | Within EEA — no transfer mechanism required |
| Resend Inc. Privacy · DPA | Transactional email delivery (alerts, password resets, invitations) | Recipient email address, alert subject and body | United States | EU SCCs / UK IDTA in Resend DPA |
| Stripe Payments Europe Ltd Privacy · DPA | Subscription billing, invoice generation and delivery, customer billing portal. Card / bank-account capture happens directly between the Customer and Stripe's hosted checkout pages; Pointnode never sees raw payment instrument data. | Customer organisation name, billing contact email address, invoice line items and amounts, payment metadata | Ireland (EU) with US affiliate processing | EU SCCs / UK IDTA in Stripe DPA |
| Functional Software, Inc. (Sentry) Privacy · DPA · Sub-processors | Application error monitoring and observability. Browser and server-side exception payloads, stack traces, request URL, user-agent, and the authenticated user’s account UUID for correlation. Email addresses are hashed (deterministic SHA-256 prefix) before transmission; display names, message bodies, and customer telemetry are never sent. | Authenticated account UUID, request metadata (URL, user-agent, HTTP status), exception stack trace, environment fingerprint | United States | EU SCCs / UK IDTA in Sentry DPA |
| Anthropic PBC (internal engineering only) | AI assistant used by Pointnode engineering for development. Not connected to production Customer data. | None | n/a | n/a |
Auxiliary services (not sub-processors)
These services are used for our own business operations and do not process Customer personal data:
- GitHub — source code hosting (no Customer data).
- Linear / our internal docs — engineering coordination (no Customer data).
- UptimeRobot — external monitoring of public health endpoints (no Customer data).
Subscribe to sub-processor changes
Org admins are automatically notified of changes by email. To subscribe an additional address (e.g. a Customer's DPO), email privacy@pointnode.io.