TrustReply
Sign inGet early access
Sub-processors

The companies we trust with your data.

We work with a small, deliberate set of sub-processors. Each one is contracted to the same data-protection standards we apply to ourselves under our Data Processing Addendum.

Last updated: May 28, 2026

LLM API (drafting answers from your KB, stateless mode)
Question text, retrieved KB chunks, system prompts. Returned drafts and citations. No retention by Anthropic.
United States
Active
PostgreSQL database, object storage, authentication
All Customer Content (KB documents, questionnaires, drafts), account data, authentication credentials (hashed).
United States / European Union
Active
Application hosting, edge runtime, CDN, static asset delivery
HTTP request and response data, IP addresses, server logs. Transient — not used to store Customer Content.
United States / Global (edge network)
Active
Resend, Inc.
Transactional email delivery (receipts, security alerts, account notices)
Recipient email address, subject, message body, send-status metadata.
United States
Active
Payment processing, billing, invoicing
Billing name, address, VAT/tax ID, payment-method metadata. Card numbers are handled by Stripe and never touch TrustReply servers.
United States / Global
When enabled
Change-notification policy

30 days. No surprises.

We give at least 30 days' notice before adding or replacing a sub-processor that handles Customer Content. Notification is delivered by email to the address on file and via in-product notice.

Customers can object to a new sub-processor in writing on reasonable, documented data-protection grounds within 30 days of the notice. The full process is described in Section 7 of the DPA.

If we can't accommodate your objection, you may terminate the affected portion of the service for convenience and receive a pro-rata refund of prepaid fees for the unused portion of the term.

Stay informed

Get notified when this list changes.

Email privacy@trustreply.appwith the subject line “Subscribe to sub-processor notifications” and we'll add you to the notice list.

We're building an automated subscription form. Until then, the manual approach is — fittingly — what we'd send a security questionnaire about.