Last updated: 21st May 2026
EdisonWatch uses the following third-party service providers (subprocessors) to help deliver our SaaS (self-serve cloud) product. We maintain appropriate data processing agreements with each subprocessor and ensure they meet our security and privacy standards.
Applies to SaaS only: This list applies exclusively to EdisonWatch's SaaS (self-serve cloud) offering. Customers on VPC, Self-Hosted, or Air-Gapped deployments are subject to a different (and substantially smaller) set of subprocessors. Air-Gapped deployments use none of the subprocessors below -- by design, no customer data leaves the customer's environment. Contact us for the deployment-specific schedule that applies to your contract.
| Subprocessor | Role | Location |
|---|---|---|
| Supabase | Authentication, user and organisation database, transactional email (signup, invites, password reset) | Ireland (AWS eu-west-1) |
| Railway | Cloud application hosting | Netherlands (GCP europe-west4) |
| Sentry | Error tracking and exception telemetry | Germany (EU) |
| PostHog | Product analytics (user IDs and organisation domain only; no message content) | United States |
| OpenAI | LLM provider for security analysis | United States |
| Google (Gemini) | LLM provider (fallback) for security analysis | United States |
| logo.dev | Logo lookup for connected MCP server display | United States |
| Substack | Marketing newsletter (subscribers only, not product users) | United States |
| Loops | Email collection and newsletter signup via landing page form (subscribers only, not product users) | United States |
We will provide 30 days' notice before adding or replacing subprocessors by updating this page. If you have concerns about any subprocessor, please contact us at [email protected].