LedgerGuard uses subprocessors to run core infrastructure, billing, email and notifications, monitoring, optional analytics and identity providers, accounting integrations, and optional document-processing capabilities.
These providers may process or store data to deliver the service. Optional rows apply only when the corresponding feature or integration is enabled in your deployment or tenant configuration.
| Vendor | Purpose | Data categories | Region / notes |
|---|---|---|---|
| Amazon Web Services (Textract) | OCR for document text extraction | Document images and PDF content submitted for OCR | — |
| Apple | Identity provider for Sign in with Apple (via Supabase Auth) | OAuth tokens and profile identifiers needed for authentication | — |
| Google (Analytics & Tag Manager) | Website analytics and tag management (Google Analytics 4 / Tag Manager) | Usage and device signals collected under your cookie/consent configuration | Loaded in the browser only when permitted by consent settings. |
| Google (Sign in with Google) | Identity provider for Sign in with Google (via Supabase Auth) | OAuth tokens and profile identifiers needed for authentication | — |
| Hosting provider | Web, API, and worker runtime hosting | Runtime environment data; Operational logs and telemetry | Deployment-specific provider and region; add trust URL in your subprocessors addendum if required. |
| Intuit (QuickBooks) | Accounting system sync and OAuth for QuickBooks Online | OAuth tokens; Mapped vendors, bills, payments, and sync metadata your tenant authorizes | — |
| OpenAI | LLM-assisted structured extraction and embeddings | Document-derived text; Extraction prompts; Embedding inputs where enabled | — |
| PagerDuty | Incident routing for critical operator alerts | Alert titles, descriptions, and routing metadata | — |
| Redis hosting provider | Queue infrastructure for BullMQ jobs | Job payload metadata (organization and document identifiers; processing pointers) | Deployment-specific provider and region; add trust URL in your subprocessors addendum if required. |
| Resend | Transactional email, weekly digests, and support inbox inbound/outbound mail | Email addresses; Message content; Inbound webhook metadata | — |
| Sentry | Error monitoring and performance tracing | Application error telemetry; Operational trace metadata | — |
| Slack | Operational alerts to a workspace webhook | Alert summaries and diagnostic context posted to the configured channel | — |
| Stripe | Payment processing, checkout, and subscription billing | Billing identifiers; Payment method references; Subscription and invoice state | — |
| Supabase | Database, authentication (including SAML and OAuth flows), and object storage | User identity; Tenant metadata; Document files and extracted records | — |
Questions about subprocessors or data handling can be sent to support. support@ledgerguard.io.