Last updated: June 28, 2026
SeaOtter uses the third-party providers below to deliver the service. We engage each as a sub-processor under a data processing agreement, hold them to confidentiality and security obligations, and only use them for the purpose stated. Our customer-facing Data Processing Agreement is available on request and references this list.
| Sub-processor | Purpose | Region |
|---|---|---|
| Google Cloud Platform | Hosting & infrastructure (compute, storage, networking) | United States |
| Supabase | Managed PostgreSQL database | United States |
| Resend | Transactional & notification email | United States |
| OpenAI | LLM inference (critic / orchestration) | United States |
| Anthropic | LLM inference (critic / review) | United States |
| Firebase (Google) | Authentication & identity | United States |
| Stripe | Billing & payment processing | United States |
| Google Vertex AI | LLM inference (hosted models) | United States |
We update this page before a new sub-processor begins processing customer personal data. Customers with a signed DPA may subscribe to advance notice of changes and have the right to object to a new sub-processor on reasonable data-protection grounds, as set out in the DPA. For enterprise on-premises and bring-your-own-cloud deployments, your raw work stays inside your boundary and is not sent to these sub-processors without your consent.
Questions about our sub-processors or to request the DPA, email privacy@seaotter.ai.