Subprocessors — goldprice.dev
Version 0.1 · Last updated: 2026-04-20
What is a subprocessor?
A subprocessor is a third-party service we use to operate goldprice.dev. Each subprocessor processes some category of data on our behalf under a data processing agreement (or equivalent contractual protection). This page is the canonical list; our Terms of Service and Privacy Policy reference it rather than re-listing every vendor, so we can swap vendors without amendment ceremony.
If you have questions about a specific subprocessor, email support@goldprice.dev with subject prefix [PRIVACY].
Current subprocessors
| Service | Purpose | Data handled | Hosting region | Provider privacy policy |
|---|---|---|---|---|
| Stripe, Inc. | Payment processing, invoicing, tax calculation, dunning, customer portal | Billing address, tax ID, payment method metadata (last 4 digits), email, customer + subscription identifiers | US (SOC 2 Type II, PCI-DSS Level 1) | stripe.com/privacy |
| Supabase, Inc. | Primary database, authentication, row-level security | Account data, API key hashes, derived price records (no personal data), aggregated usage metadata | US (us-west-1) | supabase.com/privacy |
| Fly.io, Inc. | Application hosting, container orchestration, edge routing | Request logs (IP, endpoint, status), ephemeral compute state | Global edge (primary: IAD / US-East) | fly.io/legal/privacy-policy |
| Upstash, Inc. | Redis cache, rate-limit counter storage, short-lived session data | Rate-limit counters (keyed by org ID or IP), onboarding session plaintext keys (10-minute TTL) | US (us-east-1 regional) | upstash.com/trust/privacy |
| Resend, Inc. | Transactional and marketing email delivery (Week 2 scope) | Email address, message subject + body, delivery + open metadata | US | resend.com/legal/privacy-policy |
| Sentry, Inc. | Error tracking, performance monitoring | Error stack traces, user agent, IP address at error time, redacted request metadata | US | sentry.io/privacy |
| Cloudflare, Inc. | CDN, DNS, DDoS protection, TLS termination | IP addresses, request headers, request metadata | Global edge network | cloudflare.com/privacypolicy |
| Anthropic, PBC | AI-assisted support draft generation (primary LLM); zero-retention terms | Support ticket content, customer email address, metadata needed to draft a response | US | anthropic.com/legal/privacy |
| Google LLC (Gemini API) | AI-assisted support draft generation (fallback LLM); zero-retention terms | Support ticket content, customer email address, metadata needed to draft a response | US | policies.google.com/privacy |
Upstream public-reference data sources
The following are not subprocessors in the data-protection sense — we do not send personal data to them. They are the public-reference data sources that feed our aggregation pipeline. Listed here for transparency and referenced in our methodology document:
- World Gold Council (WGC) — live spot price reference in 13 currencies, via
fsapiendpoint - Stooq — COMEX gold futures (GC.F) continuous series, 10+ years of XAU/USD daily historical (2015 to present)
- European Central Bank (ECB) via
frankfurter.dev— FX reference rates - Yahoo Finance — COMEX gold futures (GC=F) and SPDR Gold Shares (GLD) best-effort snapshots
Use of these public-reference sources is governed by our Terms of Service § 7 (Data Methodology and Accuracy) and our published methodology. We do not claim a redistribution license from any of these sources; our responsibility model is aggregated-public-reference with explicit user-responsibility for downstream compliance.
Changes to this list
We maintain this list as vendors change. Material changes (adding a new vendor that processes personal data in a new category, or removing a vendor that we had previously named) are reflected here without requiring separate notice, consistent with the "living list" structure referenced in Terms of Service § 13. Subscribers to our Gold Brief newsletter will see subprocessor changes summarized in the first issue after any material update.
If you want explicit notification on subprocessor additions, email support@goldprice.dev with subject prefix [SUBPROCESSOR-ALERTS] and we will add you to the notification list.
Contact
Nusantara Ventures LLC
1401 Pennsylvania Avenue STE 105 1776, Wilmington, DE 19806, USA
Email: support@goldprice.dev with subject prefix [PRIVACY]