Subprocessors
Last updated: June 23, 2026
This page lists every third party that processes data in connection with Podclave, operated by Podclave LLC. It comes in two honest categories, because Podclave’s design splits them cleanly:
- Infrastructure subprocessors — vendors we engaged to run the service. They process service data on our behalf.
- Connected services you authorize — providers you have your own account with, which Podclave talks to using credentials you explicitly connect. They are not subprocessors in the classic sense: your relationship with each is direct, but we list them because our service touches them with your data.
We will update this page before adding a new infrastructure subprocessor, and notify organization admins by email of material additions. The change history of this page is preserved.
1. Infrastructure subprocessors
| Provider | What it does for us | What it sees | Location |
|---|---|---|---|
| Fly.io, Inc. | Hosts the Podclave control plane (the app serving podclave.com). | All service traffic and data transits its infrastructure. | USA |
| Neon, Inc. | Managed Postgres — our system of record. | Account data, organization data, configuration, and the encrypted credential blobs (encrypted by us before storage; Neon never sees keys). | USA |
| Resend, Inc. | Transactional email: sign-in codes, organization invites. | Your email address and the contents of those emails. | USA |
| Stripe, Inc. | Payment processing for paid seats. | Billing details and card data (provided by you directly to Stripe; card numbers never touch our servers), email, invoice history. | USA |
| PostHog, Inc. (US Cloud) | Server-side product analytics and error tracking. | A fixed allowlist of pseudonymous events keyed by a random account UUID — never emails, content, file names, repo names, credentials, prompts, or IP addresses. See the Privacy Policy, section 3. | USA |
| Cloudflare, Inc. | Bot protection (Turnstile) on the sign-in page; DNS and redirects for auxiliary hostnames. | Browser signals from the sign-in page needed to distinguish humans from bots; DNS-level request metadata for redirect hostnames. | USA / global edge |
| AgentMail, Inc. | Provisions and operates the per-Sprite Agent Email inboxes (the email API, IMAP, and SMTP backend) under Podclave’s account. Applies only to organizations that enable Agent Email. | The content of email sent and received through inboxes you enable, the inbox-scoped credentials we place on your Sprite, and sender/recipient addresses. | USA |
2. Connected services you authorize
These activate only if you connect them, and you can revoke each one — in Podclave and at the provider — at any time.
| Provider | Why Podclave talks to it | What flows |
|---|---|---|
| Sprites.dev / Fly.io | Your Sprites run in your own Sprites.dev organization (you pay Fly.io directly). Podclave calls the Sprites.dev API with the token you connect to create, configure, and access your Sprites. | API calls authenticated as you; the contents of your Sprites transit our control plane when you use features that move them (files, terminal, provisioning) and are not retained by us. |
| Anthropic, PBC | If you connect Claude, we complete Anthropic’s OAuth flow, store the resulting tokens encrypted, place them on Sprites you own, and refresh them before expiry. | OAuth token exchange and account profile (subscription type). Your actual Claude usage — prompts and responses — flows directly between your Sprite and Anthropic, never through Podclave. |
| GitHub, Inc. | If you connect GitHub, we complete GitHub’s OAuth flow and place the token on Sprites you own so git and gh are signed in. |
OAuth token exchange and your GitHub username. Your repository traffic flows directly between your Sprite and GitHub. |
3. Client-side page resources
Podclave serves its own fonts, scripts, and styles from its own origin — your browser makes no third-party requests for page assets (web fonts included), so nothing leaks your IP address to a font or asset CDN on page load. The one exception is Cloudflare Turnstile on the sign-in page, covered as our bot-protection subprocessor in section 1 and in the Cookie Policy.
Questions about any of these: hello@podclave.com.