Subprocessors
Last updated: 2026-05-31
This is the canonical, authoritative list of the subprocessors BankChangeGuard engages to process Customer Data. The Terms of Service, the Privacy Policy, the Compliance and Security page, and the Data Processing Addendum all reference this page so the list cannot drift between pages.
Our subprocessors
We appoint the following subprocessors to help operate the Service. Each is bound to data-protection obligations consistent with our own, and none is permitted to use your data for its own purposes.
| Provider | Role | Data categories | Region | Privacy |
|---|---|---|---|---|
| Vercel | Application hosting + edge content delivery | Application traffic + service logs in transit; rendered app pages | United States (iad1) | Link → |
| Neon | Primary Postgres database storage | Account data, vendor metadata, change-event records (account last-4 only), verification responses, audit-trail events, waitlist emails | United States (US East) | Link → |
| Polar | Billing / Merchant of Record | Billing contact email, payment method (held by Polar), Polar customer ID, card last-4 | European Union + United States | Link → |
| Resend | Transactional email delivery (vendor verification emails) | Recipient email, message content, delivery status | United States | Link → |
Customer-controlled services we access
This is not a subprocessor we appoint. It is your own service that we read from on your documented instruction after you connect it. You control the account and the access you grant.
| Service | Role | Data categories | Region | Privacy |
|---|---|---|---|---|
| Intuit QuickBooks Online (your company) | Read-only OAuth access to your vendor list and verified-contact data, on your instruction | Vendor names, vendor contact emails (read-only); encrypted OAuth tokens | Customer-controlled (United States) | Link → |
Change notice and objection
We will notify customers at least 30 days before adding or replacing a subprocessor that processes Customer Personal Data, except where urgent security, availability, or legal reasons require shorter notice. Customers may object on reasonable data-protection grounds within the notice period; we will work in good faith to address the objection, and if we cannot, the customer may terminate the affected portion of the Service as described in the Data Processing Addendum. To receive change notices or to raise an objection, contact privacy@bankchangeguard.com.