Update the page.
The new entry, its purpose, and primary processing location land here, so the published list always matches what's actually running in production.
Trust & legal
Every third-party
that touches merchant or consent data.
ClearConsent uses a small set of trusted infrastructure providers to operate. This page lists every sub-processor with access to merchant data, what they do, and where they're located. We'll provide 30 days' written notice before adding or replacing any of them.
A short list is the goal. Every vendor we add expands the data-handling perimeter, so we stay deliberately lean.
/ The principle
The full list
Active sub-processors.
These are the only third parties ClearConsent uses to host the app, process billing, send transactional email, monitor errors, grade privacy-policy coverage, and understand aggregate product usage.
| Provider | Purpose | Location |
|---|---|---|
| Railway Application hosting + PostgreSQL database | Compute, storage, networking | United States |
| Cloudflare CDN, DNS, DDoS protection, TLS termination | Edge delivery, request routing | Global edge network |
| Cloudflare R2 Daily encrypted database backups, 7-day rolling retention | Backup object storage | United States |
| Resend Transactional email (verification, password reset, notifications) | SMTP provider | United States |
| Shopify Shopify Billing for subscriptions; Storefront / Admin APIs for install context | Billing, authentication, install context | Shopify-managed infrastructure |
| Sentry Error tracking. PII send is disabled (`send_default_pii=False`); events are configured to avoid unnecessary personal data. | Error monitoring | United States |
| PostHog Product analytics. Aggregate signals only (page views, feature usage). No visitor PII collected. | Aggregate analytics | United States |
| Anthropic When a scan finds a substantive privacy policy (roughly 3,000+ characters), its text is sent to Anthropic's Claude API for automated topic-coverage grading. This applies to every scan, including the free public diagnostic. Thin, empty, or unreadable pages are not sent. Per Anthropic's commercial terms, this text is not used to train models; it is processed under Anthropic's Data Processing Addendum. | AI policy grading | United States |
Change notifications
How additions get communicated.
Three things happen any time the list above changes.
30-day written notice.
Active paid merchants get an email at the account address at least 30 days before any change takes effect — no silent additions.
Right to object.
Object in writing during that window. If we can't reasonably accommodate it, cancel the affected paid service for a pro-rated refund of any unused subscription period.
When you install ClearConsent, you authorize the listed sub-processors for the purposes shown above.
What's not on this list
Vendors we deliberately don't use.
For transparency on what we don't do.
No customer service platform
Support emails come directly to the operator. No Zendesk-style ticketing layer sits between you and us.
No third-party CRM
Account data lives in our own database, never synced to a sales tool like HubSpot or Salesforce.
No marketing-site ad pixels
No Meta Pixel, Google Ads tracking, or LinkedIn Insight on clearconsent.app. The page you're reading isn't being measured for retargeting.
No data brokers
We don't buy or sell merchant or visitor data, ever. The list above is the entire commercial data flow — there is no second tier.
Related
The bigger picture.
The DPA defines how merchant data is handled. The privacy policy covers how visitors are tracked. This page lists the vendors that touch either.