Sub-processors
Last updated · May 23, 2026
gotcontext.ai is operated by James P. Hollingsworth, a sole proprietor doing business as gotcontext.ai, North Carolina, United States. Legal contact: james@gotcontext.ai.
gotcontext.ai engages the following third-party processors to provide our services. We maintain a 30-day prior change-notice commitment in our DPA: when we add, remove, or materially change a sub-processor, you receive notice before the change takes effect. To subscribe to change notices, write to legal@gotcontext.ai.
Updated 2026-05-23: Beehiiv was added as the newsletter delivery sub-processor for the Cost-of-Inference weekly column and any future opt-in newsletter audiences. Only newsletter subscribers — people who explicitly enter their email at /news or via the in-product subscribe widget — are mirrored to Beehiiv. Customer accounts, API keys, prompts, and billing data are never shared with Beehiiv. The v1.34.16 backfill cron retries failed mirrors every 5 minutes; cancellation flows propagate the unsubscribe to both our database and Beehiiv.
Previously, 2026-05-16: Nevermined and Skyfire were added to support agent-to-agent payment routing on /v1/compress* endpoints. These sub-processors only receive token ID hashes and settlement metadata — raw payment-token signing material never leaves the customer’s wallet. Both are opt-in per tenant (default OFF); tenants who have not enabled agent payment routing have no data shared with either provider. See also the Agent Payment Routing Terms of Service addendum for the full non-custodial routing policy.
Active sub-processors
| Sub-processor | Purpose | Region | Data categories | DPA / Trust |
|---|---|---|---|---|
| Cloudflare | DNS, CDN, edge proxy | Global | Request metadata only (no payload) | ↗ |
| Fly.io | API hosting (FastAPI + MCP gateway) | US-east (iad) | Customer prompts (in-memory only), usage events | ↗ |
| Vercel | Web app hosting (Next.js dashboard + marketing) | Global edge (control plane US) | Session cookies, page-render data, no payload | ↗ |
| Supabase | Postgres database | US-east | User accounts, API keys (hashed), usage events, audit logs | ↗ |
| Upstash | Redis (rate-limit + plan cache) | US-east | Ephemeral rate-limit + cache entries (TTL < 1 day) | ↗ |
| Clerk | Authentication and session management | US (custom domain clerk.gotcontext.ai) | Email, name, OAuth tokens, session JWTs | ↗ |
| Polar | Billing (Merchant of Record) and webhooks | US/EU | Billing email, payment-method last-4, subscription state | ↗ |
| Resend | Transactional email (license keys, alerts, billing) | US | Email address, message body | ↗ |
| Beehiiv | Newsletter delivery (Cost-of-Inference weekly + opt-in subscriber audience). Subscribers only — not used for transactional email or any customer-account flow. | US | Newsletter subscriber email, optional name, subscription status, engagement metrics (open/click). Never: customer prompts, API keys, billing data. | ↗ |
| Sentry | Error tracking and tracing | US (org omega-a1) | Error stack traces (PII redacted via _sentry_before_send) | ↗ |
| PostHog | Product analytics (currently disabled) | US | Page views, anonymized event names (no payload) | ↗ |
| GitHub | Source control + CI/CD (private source repo + public companion repos) | US (GHES) | Source code, Actions secrets | ↗ |
| Nevermined | Agent-to-agent payment facilitator (x402 + AP2 protocols) — opt-in per tenant, default OFF | EU/US (sandbox + prod) | Token ID hash, settlement event metadata. Never: token signing material, wallet keys, or raw payment credentials. | ↗ |
| Skyfire (KYAPay) | Agent-to-agent payment facilitator + identity tokens (KYA) — opt-in per tenant, default OFF | US | Token ID hash, settlement event metadata, identity-claim hash. Never: raw identity content, wallet keys, or token signing material. | ↗ |
Change-notice commitment
We notify customers in writing at least 30 days before adding or replacing a sub-processor that handles your customer data. Customers may object in writing; if we cannot accommodate the objection, the customer may terminate the affected services without penalty. This commitment is mirrored in our standard DPA.