Subprocessors

This page lists all third-party vendors with access to AgentLattice customer data. We update this list when vendors are added or removed. Enterprise customers are notified of material changes.

Last updated: April 2026. Request DPA for any subprocessor.

Supabase

Database (PostgreSQL), authentication, and real-time infrastructure

Security page ↗
Data accessed
All workspace data: agent identities, audit events, policies, approval records (encrypted at rest)
Data region
US East (AWS us-east-1)

Vercel

Application hosting, CDN, and edge network

Security page ↗
Data accessed
HTTP request metadata, edge function logs. No persistent customer data stored.
Data region
Global CDN — data processed at edge closest to request origin

Anthropic

Large language model API (Claude)

Security page ↗
Data accessed
Action metadata submitted for LLM-assisted policy evaluation. No raw agent data, file contents, or customer business data.
Data region
US
Conditional: Only applies if your workspace uses AgentLattice features that invoke LLM-assisted policy evaluation. Core governance (gate/govern calls, audit logging, approvals) does not route through Anthropic.

Resend

Transactional email (approval notifications, alerts)

Security page ↗
Data accessed
Recipient email addresses, notification content (approval requests, alert summaries)
Data region
US

Stripe

Payment processing and billing

Security page ↗
Data accessed
Billing information only. AgentLattice never receives or stores raw card data — Stripe handles PCI DSS compliance.
Data region
US (Stripe global infrastructure)