Subprocessor List
Third-party providers that may process data for Haruspex.
Last updated July 12, 2026
1. Purpose
This Subprocessor List identifies third-party service providers (“Subprocessors”) that Haruspex may use to process Customer Data or Personal Data while providing the Services.
Haruspex carefully selects subprocessors based on their security, reliability, and ability to comply with applicable privacy and data protection obligations.
This list may change as our infrastructure evolves.
2. Categories of Processing
Subprocessors may perform one or more of the following functions:
- Cloud infrastructure
- AI model inference
- Database hosting
- Authentication
- Analytics
- Error monitoring
- Email delivery
- File storage
- CDN and networking
- Customer support
- Security monitoring
- Payment processing (future)
Each subprocessor only receives access to the data reasonably necessary to perform its services.
3. Current Subprocessors
At the time of publication, Haruspex currently uses the following subprocessors.
Provider Purpose Data Processed Processing Region OpenAI AI model inference User prompts, uploaded files, generated outputs Global Supabase Database, authentication, storage Account information, application data, authentication records Region selected by Haruspex Cloudflare CDN, DNS, DDoS protection, security IP addresses, request metadata, cached assets Global Vercel Application hosting and deployment Application traffic, logs, deployment metadata Global
4. Future Subprocessors
Haruspex may engage additional subprocessors as the platform expands.
Potential categories include:
- Payment processors
- Transactional email providers
- Customer support platforms
- Analytics platforms
- Error monitoring services
- Security monitoring providers
- Backup providers
- Cloud infrastructure providers
- Identity verification services (if required)
These providers will be added to this document before or shortly after they begin processing Customer Data.
5. AI Providers
Haruspex provides AI-powered analysis.
AI requests may be processed using one or more third-party AI providers depending on:
- model availability;
- latency;
- reliability;
- cost optimization;
- customer-selected preferences; or
- technical requirements.
Haruspex may change AI providers without prior notice provided appropriate contractual and security protections are maintained.
6. International Data Transfers
Some subprocessors process data in multiple jurisdictions.
Where applicable, Haruspex implements reasonable contractual and organizational safeguards intended to protect Personal Data during international transfers.
7. Security Requirements
Haruspex requires subprocessors, where commercially reasonable, to:
- implement appropriate technical and organizational security measures;
- restrict personnel access to authorized individuals;
- maintain confidentiality obligations;
- notify Haruspex of security incidents affecting Customer Data where required by contract;
- process data only for authorized purposes.
8. Due Diligence
Before engaging a new subprocessor, Haruspex may evaluate factors including:
- security certifications;
- privacy practices;
- contractual commitments;
- reliability;
- reputation;
- operational maturity.
9. Customer Notifications
Material additions or replacements of subprocessors may be reflected by updating this Subprocessor List.
Customers are encouraged to periodically review this page for updates.
10. Data Minimization
Haruspex seeks to disclose only the minimum amount of Customer Data necessary for a subprocessor to perform its services.
Whenever possible, data is encrypted during transmission and protected using industry-standard security controls.
11. Contact
Questions regarding subprocessors or data processing practices may be directed to Haruspex using the contact information published on the Service.