Sub-processors
Effective 2026-05-27
WatchKeeper is built on top of third-party services that process some of your data on our behalf. We list them here so you can see exactly where your information goes when you use us, plus link to each provider’s own privacy policy.
We notify users via email + a banner on the dashboard at least 30 days before adding or replacing a sub-processor with access to personal data. If you object to a change you can cancel your subscription and export your data before the new sub-processor goes live.
For the full controller / processor relationship, see the Privacy Policy.
Current list
Supabase
privacy policy ↗- Purpose
- Primary database, authentication, object storage.
- Data
- All user account + vessel + passage data. Auth credentials (hashed).
- Region
- ap-northeast-1 (Tokyo) per Supabase project config.
Vercel
privacy policy ↗- Purpose
- Application hosting, edge network, build pipeline.
- Data
- Request logs (IP, user agent, path). No PII in request bodies leaves Vercel.
- Region
- Global edge — primary compute in iad1 (US East).
Cloudflare
privacy policy ↗- Purpose
- DNS, email routing for hello@/support@ inbound mail.
- Data
- DNS query logs. Email envelopes (sender, recipient) for routed mail.
- Region
- Global edge.
Stripe
privacy policy ↗- Purpose
- Payment processing for Offshore + Bluewater subscriptions.
- Data
- Name, email, billing address, card details (PCI scope — we never see PANs).
- Region
- US + EU, per Stripe data-residency policy.
Resend
privacy policy ↗- Purpose
- Transactional email (shore briefs, password reset, verification, invites).
- Data
- Recipient email, message content, delivery metadata.
- Region
- US.
Twilio
privacy policy ↗- Purpose
- SMS delivery for Bluewater-tier urgent shore-brief alerts.
- Data
- Recipient phone number, message text, delivery metadata.
- Region
- US.
Anthropic
privacy policy ↗- Purpose
- AI generation for shore-brief content (Claude API).
- Data
- Passage summary + log entry excerpts passed at generation time. Per Anthropic policy, API content is not used for model training.
- Region
- US.
Sentry
privacy policy ↗- Purpose
- Error monitoring + performance traces.
- Data
- Exception stack traces, request metadata. User IDs scrubbed; no PII in error payloads by design.
- Region
- US (sentry.io).
Inngest
privacy policy ↗- Purpose
- Scheduled job orchestration (twice-daily shore briefs, idempotency sweeps).
- Data
- Job event metadata (vessel ID, passage ID — no message content).
- Region
- US.
OpenStreetMap (Nominatim)
privacy policy ↗- Purpose
- Geocoding ports + anchorages in the passage planner.
- Data
- Search query strings (e.g. "Rikitea"). No user identifier sent.
- Region
- EU (OSM Foundation servers).
Google Analytics
privacy policy ↗- Purpose
- Marketing-site visitor analytics. Loaded only after explicit cookie consent.
- Data
- Anonymized page-view events. No data from app.watchkeeper.me.
- Region
- US.
Changes
This page is the canonical sub-processor list. The “Effective” date at the top reflects the last revision. Material changes are announced by email to active users.