Subprocessors

Last updated: 2026-05-11.

A subprocessor is a third-party service that Ripenn uses to deliver the Ripenn product, where that service may receive or process customer data on Ripenn's behalf. This page lists every current subprocessor, what each one receives, and where they are based.

For how this data is collected, see Privacy. For how AI providers (a category of subprocessor) handle prompt content specifically, see Data Usage. For Ripenn's production architecture, see Security.

Infrastructure

Subprocessor	Purpose	Data received	Location
Supabase	Managed Postgres database and authentication	All application data: accounts, audit configurations, audit results, project members	AWS us-east-2 (Ohio, US)
Vercel	Web app hosting, edge routing, TLS termination	Request metadata, IP addresses, deployment logs	Global edge; US-based company
Google Cloud Run	Container runtime for Temporal workers	Workflow payloads at runtime (not stored long-term by the runtime)	US region
Temporal Cloud	Workflow orchestration for background jobs	Workflow IDs, metadata, payloads passing through in transit	US-based
Infisical	Secrets management for production credentials	Encrypted secrets (Supabase keys, API tokens, OAuth credentials)	US-based

AI providers (used for audit runs)

These providers receive the prompts in your prompt set when audits run. See Data Usage for the full breakdown of what each one does with those prompts.

Subprocessor	Purpose	Data received	Location
OpenAI	Engine call (ChatGPT / GPT-5.2)	Prompt text	US
Anthropic	Engine call (Claude) and analysis call	Prompt text; engine responses for analysis	US
Google	Engine call (Gemini via Vertex AI)	Prompt text	US
Perplexity	Engine call (Perplexity)	Prompt text	US

Payments

Subprocessor	Purpose	Data received	Location
Stripe	Payment processing, subscription management	Billing email, subscription state, payment events. Card numbers handled directly by Stripe; never seen by Ripenn.	US

Observability and analytics

Subprocessor	Purpose	Data received	Location
PostHog	Product analytics	Stable user ID, email, profile name, page views, feature flag evaluations	US Cloud

Anti-abuse

Subprocessor	Purpose	Data received	Location
Cloudflare Turnstile	Anti-bot challenge on the sign-in form	Challenge token, request metadata	Global edge; US-based

Optional integrations

These subprocessors only receive data if you connect or invoke them.

Subprocessor	Purpose	Data received	Location
Jina Reader	Used to render JavaScript-heavy pages during content imports	The URL being crawled	Singapore-based; global edge
Webflow	Content publishing (if you connect your Webflow account)	OAuth token and the content you explicitly push	US
WordPress.com	Content publishing (if you connect your WordPress account)	OAuth token and the content you explicitly push	US

International data transfers

Most of Ripenn's subprocessors are based in the United States. For customers in the EU, UK, or EEA, transfers of personal data to the US and other non-EEA jurisdictions are covered by Standard Contractual Clauses with each subprocessor, supplemented by the UK International Data Transfer Addendum for UK customers. Where a subprocessor offers additional certifications (Data Privacy Framework, ISO 27001, SOC 2), Ripenn relies on those as further safeguards.

Changes to this list

When Ripenn adds, removes, or replaces a subprocessor that handles customer personal data, this page is updated and the change is recorded in the public Ripenn repository. Material additions (a new category of provider, or a provider that processes a new category of data) are communicated to active customers by email at least 14 days before the change takes effect, giving you the opportunity to object.

To subscribe to subprocessor change notifications, email support@ripenn.ai with the subject “Subscribe: subprocessor updates”.

Questions

For DPA requests, vendor security questionnaires, or specific questions about any subprocessor on this list, email support@ripenn.ai.