Legal

Subprocessors

Last updated: May 24, 2026

ExpiresOS uses the vendors below to deliver the service. Each one processes customer data only on our written instructions and is bound by an underlying data processing agreement. We update this list when we add, remove, or replace a subprocessor.

VendorPurposeDataLocation
ClerkAuthentication, MFA, and user identityEmail, name, profile photo, session metadataUnited States
SupabaseApplication database and document storageAll application data, including uploaded documentsUnited States (us-east-1)
RenderApplication hosting and the OCR microserviceServer-side request data, application logsUnited States
AnthropicAI extraction of dates and fields from uploaded documentsText content of a document at the moment it is processed; not retained by Anthropic beyond the requestUnited States
StripePayment processing for paid plansBilling identifiers and card data (handled entirely by Stripe)United States and global
ResendTransactional email — reminders and account emailRecipient email address and message contentsUnited States
TwilioSMS reminder deliveryRecipient phone number and message contentsUnited States and global

Notice of changes

We post additions or replacements here at least 30 days before they take effect, unless a faster change is required for security or continuity. To receive these notices by email, write to privacy@expiresos.com asking to subscribe.