Pillars
Defense in depth.
Subprocessors
Who touches your data.
Email security@pagereflect.com to be notified before we add subprocessors.
| Name | Purpose | Data shared |
|---|---|---|
Vercel | Application hosting + edge network | Request metadata, deploy artifacts |
Supabase | Postgres database + auth + storage | Account data, audit artifacts, reports |
Stripe | Payment processing | Billing metadata, Stripe customer ids (no raw card data) |
Resend | Transactional email | Recipient email, subject, template ids |
Sentry | Error tracking (when DSN configured) | Stack traces, structured event tags |
Inngest | Durable audit execution | Event payloads with ids only, not full records |
Jina Reader | Primary page extraction for audits | Public URL requested and extracted text/metadata |
Google PageSpeed Insights | Lab performance metrics | Audited public URL sent to the PSI API |
OpenAI | Report reasoning (default tier) | Extracted page content for the audited URL |
FAQ
Common questions.
We do not hold a SOC 2 Type II report today. If your procurement process requires a security questionnaire or bridge materials, email security@pagereflect.com and we will respond with what we can share under NDA.
Need something not listed here?
Security questionnaires, architecture diagrams, and vendor details are available on request.