
Subprocessors

AgentLattice uses the following third-party vendors (subprocessors) that may process or store customer data. This list is updated when vendors are added or removed. Enterprise customers will be notified of material changes.

Last updated: April 2026


Supabase

Purpose: Database (PostgreSQL), authentication, and real-time infrastructure.

Data accessed: All workspace data, including agent identities, audit events, policies, and approval records. All data is encrypted at rest using AES-256.

Data region: US East (AWS us-east-1)

Security documentation: supabase.com/security


Vercel

Purpose: Application hosting, CDN, and edge network.

Data accessed: HTTP request metadata and edge function logs. No persistent customer data is stored by Vercel.

Data region: Global CDN. Request data is processed at the edge closest to the request origin.

Security documentation: vercel.com/security


Anthropic

Purpose: Large language model API (Claude) for LLM-assisted policy evaluation.

Data accessed: Action metadata submitted for LLM-assisted policy evaluation. AgentLattice does not send raw agent data, file contents, or customer business data to Anthropic.

Data region: United States

Security documentation: anthropic.com/security

Conditional: This subprocessor only applies if your organization uses AgentLattice features that invoke LLM-assisted policy evaluation. Core governance functions — gate/govern calls, audit logging, and approval workflows — do not route through Anthropic.


Resend

Purpose: Transactional email delivery for approval notifications and security alerts.

Data accessed: Recipient email addresses and notification content (approval request summaries, alert details).

Data region: United States

Security documentation: resend.com/security


Stripe

Purpose: Payment processing and billing.

Data accessed: Billing information only. AgentLattice never receives or stores raw cardholder data. Stripe handles PCI DSS compliance for all payment card data.

Data region: United States (Stripe global infrastructure)

Security documentation: stripe.com/docs/security


Requesting a DPA

If you need a Data Processing Agreement for any of the above subprocessors, or if you need AgentLattice to execute a DPA as a data processor for your organization, contact security@agentlattice.com.

A DPA template is available for download from the Security page.

Notification of Changes

Enterprise customers are notified by email when a new subprocessor is added. If you have contractual requirements around subprocessor change notification timelines, include those requirements in your DPA negotiation.