Subprocessors
List of third-party service providers (subprocessors) used by VoteAlly.
Effective date: March 9, 2026
VoteAlly uses the following third-party service providers (subprocessors) to help us deliver the Service. We share only the minimum information necessary for each vendor to provide its service, and we require vendors to protect information and use it only for providing services to us.
Notice of Changes: We may update this list from time to time as we add, remove, or replace service providers. For material changes (new subprocessors processing personal data), we will provide notice via email or in-product notification as described in our Data Processing Addendum.
Subprocessors List
Vercel Inc.
Application Hosting
Purpose: Hosts the VoteAlly web application and serverless functions
Data Location: Primary processing in the United States (may vary by region configuration)
Neon, Inc.
Database Hosting
Purpose: PostgreSQL database hosting and connection pooling
Data Location: Primary processing in the United States (may vary by region configuration)
Upstash, Inc.
Caching and Rate Limiting
Purpose: Redis caching, counters, and rate limiting/abuse prevention controls
Data Location: Primary processing in the United States (may vary by region configuration)
Cloudflare, Inc.
Infrastructure & Security
Purpose: Edge security and DDoS protection; edge caching; R2 object storage for organization branding assets and candidate photos
Data Location: Global network; processing location may vary
Resend, Inc.
Email Delivery
Purpose: Transactional email delivery (voting invitations, receipts, notifications)
Data Location: Primary processing in the United States (may vary by vendor configuration)
Stripe, Inc.
Payment Processing
Purpose: Subscription billing, one-time payments, invoicing/receipts, and customer portal
Data Location: Global processing; location may vary
Inngest, Inc.
Background Jobs & Workflows
Purpose: Orchestration of background jobs, event-driven workflows, and scheduled tasks
Data Location: Primary processing in the United States (may vary by region configuration)
Functional Software, Inc. (Sentry)
Error Monitoring
Purpose: Error tracking and performance monitoring. We configure the Service to strip or minimize personal data before transmission where feasible.
Data Location: Primary processing in the United States (may vary by vendor configuration)
Cloudflare Turnstile
Anti-Abuse
Purpose: Bot detection and abuse prevention (planned feature, not currently enabled)
Data Location: Global network; processing location may vary
Data Protection Safeguards
All subprocessors are subject to contractual data protection obligations materially equivalent to those in our Data Processing Addendum, including requirements for:
- Security measures appropriate to the risk
- Confidentiality obligations
- Processing only on documented instructions
- Assistance with data subject rights and breach notification
- International transfer safeguards (where applicable, such as Standard Contractual Clauses)
Objection to New Subprocessors
If you object to a new subprocessor on reasonable data protection grounds, you may notify us at [email protected] within 10 days of our notice. We will work with you in good faith to address the objection (for example, by providing additional information or offering an alternative where commercially reasonable). If no resolution is feasible, you may terminate the affected Services as described in our Data Processing Addendum.