Legal

Sub-processors

Last updated: June 2026

A sub-processor is a third party we engage that may process personal data of our users in order to provide the Pocketwatch service. We require each to offer at least the same level of data protection we commit to.

Sub-processorPurposeData processedLocation
VercelApplication hosting, edge delivery, first-party analyticsRequest metadata, account data in transit, anonymized analyticsUnited States
NeonManaged Postgres database (primary data store)All account and financial data at restUnited States
StripeSubscription billing and paymentsName, email, billing details, payment metadataUnited States
TwilioSMS one-time passcodes (MFA / verification)Phone number, message metadataUnited States
ResendTransactional email deliveryEmail address, message contentUnited States
SentryError monitoring and performance tracingDiagnostic event data (personal data scrubbed before send)United States
GoogleSign in with Google, ad conversion measurementEmail, OAuth identifier; ad identifiers (only with consent)United States
PlaidBank account aggregation (US/CA only; not offered to EU/EEA/UK)Bank account and transaction data for linked accountsUnited States
Twelve DataMarket data for investment holdingsNo personal data - security symbols onlyUnited States
CoinGeckoCryptocurrency market data for crypto holdingsNo personal data - crypto asset identifiers onlySingapore

International transfers

Where data is transferred from the EEA or UK, we rely on the EU Standard Contractual Clauses (and the UK Addendum) incorporated into each sub-processor's data processing agreement. Bank aggregation is not offered to EU/EEA/UK users, so no EU banking data is shared with Plaid.

Contact

Questions about sub-processors or data protection: privacy@pocketwatch.io