Sub-processors
Service providers acting on our instructions under written data protection terms.
Last updated: 18 Apr 2026
We use the following service providers acting under our instructions:
Auth0/Okta
Authentication & identity management
Data: Email, user ID, access tokens
Location: United States
Stripe
Payments & fraud prevention
Data: Email, limited billing details, transaction IDs
Location: United States
OpenAI
LLM inference for entity extraction, sort planning, and chat
Data: File text excerpts, user prompts, system prompts
Location: United States
Anthropic
Optional featureLLM inference (when selected via Bring-Your-Own-Key settings)
Data: File text excerpts, user prompts, system prompts
Location: United States
Postmark
Transactional email delivery
Data: Email address, message content
Location: United States
Sentry
Error monitoring & crash diagnostics
Data: App version, platform, error context, timestamps
Location: United States
NeonDB
Managed Postgres for application data
Data: Account data, sorting metadata, extracted text (temporary)
Location: United States
Google Cloud Platform (GCP)
Cloud infrastructure hosting for API services
Data: All service-side data processed by our API
Location: United States
Cloudinary
If usedMedia hosting/delivery
Data: Uploaded media assets
Location: United States
Pinecone
If usedVector search storage
Data: Embeddings derived from file text
Location: United States
International transfers: Some providers process data in the United States or other countries. For such transfers, we rely on the EU–US Data Privacy Framework and/or Standard Contractual Clauses, with appropriate supplementary measures.
For questions about our sub-processors or data protection practices, contact us at marcus@getsortio.com.