Legal

Policy

Sub-processors.

Last updated 19 April 2026Live list, updated on change

Adalyst engages the sub-processors below to host, secure, deliver, and operate the Service. Each provider processes customer data only as needed to support Adalyst or where required by law. The list is maintained on change; workspaces with notifications enabled are emailed when an entry is added, removed, or materially changed.

A machine-readable version is served at GET /api/public/sub-processors for customers who track sub-processors inside their own vendor-management system.

ProviderPurposeData categoriesRegionDPA
Amazon Web ServicesObject storage (S3) for uploaded spreadsheets, campaign images, and document assets.
  • uploaded content
  • campaign assets
USOn request
AnthropicLarge language model processing for Adalyst Intelligence analysis, findings generation, and copy rewrites.

All prompts are PII-redacted before transmission (see LLM gateway).

  • redacted prompts
  • platform metadata
USOn request
Google LLCGoogle sign-in (identity) and Google Ads / GA4 API connectivity for customers who enable those integrations.

Only applies when a user signs in with Google or connects Google Ads / GA4.

  • account identifier
  • workspace email
  • OAuth tokens
USOn request
MicrosoftMicrosoft sign-in (identity) and Microsoft Ads API connectivity for customers who enable those integrations.

Only applies when a user signs in with Microsoft or connects Microsoft Ads.

  • account identifier
  • workspace email
  • OAuth tokens
USOn request
OpenAILarge language model processing for Adalyst Intelligence chains where Anthropic is not the selected provider.

All prompts are PII-redacted before transmission (see LLM gateway).

  • redacted prompts
  • platform metadata
USOn request
RailwayCloud infrastructure hosting for the Adalyst API, worker, and web applications.

Hosted region: us-east4.

  • all Adalyst-hosted data
USOn request
ResendTransactional email delivery (account verification, password reset, invitations, service notices).
  • recipient email
  • message body
USOn request
SentryApplication error tracking and performance monitoring.

PII scrubbing is applied before events leave the application.

  • error metadata
  • stack traces
  • request context
USOn request
StripeSubscription billing, checkout, and payment processing.

Card data is handled entirely by Stripe — Adalyst never stores card numbers or CVVs.

  • billing identifiers
  • subscription metadata
  • workspace email
US, IEOn request

For questions about this list or DPA documentation, email privacy@adalyst.app. The full Privacy Policy is at /privacy.