Beta
Subprocessors
Current subprocessor and integration-provider overview for hosting, messaging, payments, ads, AI, and operations.
Last updated: May 2, 2026
Provider list
The table below identifies core providers by status, purpose, data category, and region/transfer note. Optional providers only process data when a workspace enables the relevant integration.
| Provider | Status | Purpose | Data | Region / transfer |
|---|---|---|---|---|
| Supabase | Core provider | Authentication, PostgreSQL database, row-level access controls, storage primitives | Account, workspace, CRM, audit, and product data | Configured project region |
| Telegram | Customer-connected integration provider | Messaging transport, bot delivery, Telegram account infrastructure, and optional TDLib personal-session capabilities through customer-connected Telegram credentials | Telegram IDs, usernames, chat content, message metadata as used by connected workspaces | Telegram-controlled infrastructure |
| Stripe; optional PayPal / Digistore24 / Gumroad | Stripe for GramGrow billing; others when customer-configured | GramGrow subscription billing through Stripe, plus optional customer-selected payment processing, checkout, purchase verification, and webhook ingestion | Billing metadata, checkout/session IDs, purchase and webhook records | Provider-controlled regions and transfer safeguards |
| OpenAI / Anthropic / Google Gemini | Optional when customer-configured or plan-enabled | Optional AI drafts, enrichment, auto-reply, and incident assistance when enabled | Prompt context selected by workspace configuration; customer API keys stay encrypted in GramGrow, and platform keys are used only when the plan explicitly enables GramGrow-metered AI | Provider-controlled regions and enterprise terms |
| Hetzner | Core production hosting provider | Container runtime for web, API, workers, Caddy, Redis, and local service volumes in the guarded production deployment path | Application runtime data, service logs, cached queue data, TDLib session volume, and deployment metadata depending on the selected host | Germany |
| Resend | Transactional email provider | Transactional authentication email such as signup confirmation, magic links, invites, password reset, and account security notices | Email address, authentication email metadata, delivery metadata, and message templates | Provider-controlled regions and transfer safeguards |
| Self-hosted observability stack | Operator-controlled operations stack | Metrics, logs, traces, dashboards, alert routing, and public/internal health probes through OpenTelemetry, Prometheus, Loki, Tempo, Grafana, Alloy, Alertmanager, and Blackbox Exporter | Service metrics, container logs, traces, health check results, alert payloads, and operational metadata; secrets must not be logged | Stored on operator-controlled deployment volumes unless an external observability backend is later configured |
Change handling
Subprocessor changes should be published with date, purpose, and objection/contact path before production reliance.