Legal
Sub-processors
Last updated: June 2026
A sub-processor is a third party we engage that may process personal data of our users in order to provide the Pocketwatch service. We require each to offer at least the same level of data protection we commit to.
| Sub-processor | Purpose | Data processed | Location |
|---|---|---|---|
| Vercel | Application hosting, edge delivery, first-party analytics | Request metadata, account data in transit, anonymized analytics | United States |
| Neon | Managed Postgres database (primary data store) | All account and financial data at rest | United States |
| Stripe | Subscription billing and payments | Name, email, billing details, payment metadata | United States |
| Twilio | SMS one-time passcodes (MFA / verification) | Phone number, message metadata | United States |
| Resend | Transactional email delivery | Email address, message content | United States |
| Sentry | Error monitoring and performance tracing | Diagnostic event data (personal data scrubbed before send) | United States |
| Sign in with Google, ad conversion measurement | Email, OAuth identifier; ad identifiers (only with consent) | United States | |
| Plaid | Bank account aggregation (US/CA only; not offered to EU/EEA/UK) | Bank account and transaction data for linked accounts | United States |
| Twelve Data | Market data for investment holdings | No personal data - security symbols only | United States |
| CoinGecko | Cryptocurrency market data for crypto holdings | No personal data - crypto asset identifiers only | Singapore |
International transfers
Where data is transferred from the EEA or UK, we rely on the EU Standard Contractual Clauses (and the UK Addendum) incorporated into each sub-processor's data processing agreement. Bank aggregation is not offered to EU/EEA/UK users, so no EU banking data is shared with Plaid.
Contact
Questions about sub-processors or data protection: privacy@pocketwatch.io