Current processing and subprocessor notice.
This notice lists the third-party services that may process data for the current FoundryOS pilot. Optional services are marked clearly so the page reflects actual deployment reality.
Last updated April 19, 2026. This is the current pilot-facing policy surface and should receive counsel review before broad commercial launch.
Current providers
| Provider | Role | Data involved | Status |
|---|---|---|---|
| Vercel | Application hosting, edge delivery, and runtime infrastructure | Application traffic, request metadata, and deployed site content. | Active |
| Managed Postgres provider | Primary application database | Accounts, workspaces, business profiles, generated artifacts, support requests, and deletion requests. | Active when DATABASE_URL points to Supabase Postgres, Neon, or another compatible managed Postgres provider |
| OpenAI | Optional AI-assisted snapshot refinement | Business intake and heuristic diagnostic context when AI enhancement is enabled for a deployment. | Optional |
| Resend | Optional transactional email delivery | Account email addresses and message content for verification, reset, invite, and support-related notifications. | Optional |
| Stripe | Optional checkout and billing infrastructure | Customer email, billing identifiers, and payment events when billing is enabled. | Optional and disabled on many preview deployments |
| Cloudflare Turnstile | Optional abuse and spam protection on public forms | Form interaction metadata required to validate a challenge response. | Optional |
| PostHog | Optional product analytics | Usage events and product interaction telemetry when analytics is enabled. | Optional |
Founder note
This notice still needs lawyer review before a broader launch, especially if the product adds formal analytics, a data processing addendum, or region-specific transfer language.
Related policies