Legal — Sub-Processors

The vendors behind Setell.

These are the service providers Setell uses to operate our platform. Each processes customer data on our behalf under a signed Data Processing Addendum.

Effective

May 19, 2026

Notification window

Minimum 30 days' advance notice of additions or replacements.

Subscribe to updates

subprocessor-updates@setell.ai

Sub-Processor Register

Active sub-processors

Setell engages the following sub-processors to deliver the service. Each is bound by a signed Data Processing Addendum and flow-down obligations no less protective than those Setell undertakes to its customers.

Amazon Web Services, Inc.

Service

Application hosting (Amplify, Lambda), S3 object storage for artifacts and contract PDFs, EventBridge cron, CloudWatch logs

Data shared

All customer data in transit; encrypted at rest for stored artifacts and contracts

Region

United States (us-east-1)

Last reviewed

2026-05-17

View DPA →

Neon, Inc.

Service

Primary PostgreSQL 16 database with pgvector extension

Data shared

All persisted customer business records; OAuth tokens stored encrypted

Region

United States (AWS us-east-2)

Last reviewed

2026-05-17

View DPA →

Anthropic, PBC

Service

Claude API inference for AI agent, quote drafting, revision engine, brand extraction, and customer-memory extraction

Data shared

Email bodies and metadata for inbound parsing; quote text; user prompts; line-item descriptions; uploaded artifact bytes (vision). Anthropic does not use API inputs to train its models.

Region

United States

Last reviewed

2026-05-17

View DPA →

OpenAI, L.L.C.

Service

Vector embeddings for similarity search; fallback voice transcription

Data shared

Job descriptions and line-item text (embeddings); raw audio for transcription when fallback is engaged. OpenAI does not use API inputs to train its models.

Region

United States

Last reviewed

2026-05-17

View DPA →

Groq, Inc.

Service

Primary voice transcription for the Setell agent

Data shared

Raw audio bytes; cleared after transcription

Region

United States

Last reviewed

2026-05-17

View DPA →

Google LLC

Service

Gmail API for OAuth-scoped read, send, and modify; Google Cloud Pub/Sub for new-mail push notifications; Google OAuth for sign-in

Data shared

OAuth access and refresh tokens (encrypted at rest); customer email bodies, headers, and message IDs in scope of the connected mailbox

Region

United States / global

Last reviewed

2026-05-17

View DPA →

Intuit Inc. (QuickBooks Online)

Service

OAuth-scoped QuickBooks Online REST API for customer, estimate, invoice, item, and payment sync; QuickBooks webhooks

Data shared

OAuth tokens (encrypted at rest); customer, estimate, invoice, item, and payment records synced in both directions

Region

United States

Last reviewed

2026-05-17

View DPA →

Stripe, Inc.

Service

Payment processing, subscription billing, Stripe Customer Portal, billing webhooks

Data shared

Customer name and email on the Stripe Customer object; plan IDs; payment amounts; quote-payment metadata. Setell never receives or stores card numbers; Stripe is PCI DSS Level 1 certified.

Region

United States / global

Last reviewed

2026-05-17

View DPA →

Slack Technologies, LLC

Service

OAuth-scoped Slack Web API for owner notifications to a configured channel

Data shared

Bot token (encrypted at rest); workspace and team identifiers; notification text

Region

United States

Last reviewed

2026-05-17

View DPA →

Resend, Inc.

Service

Transactional email — magic-link sign-in and system notifications

Data shared

Recipient email address; magic-link bearer token; plain-text message body for the magic-link flow

Region

United States

Last reviewed

2026-05-17

View DPA →

Functional Software, Inc. (Sentry)

Service

Application error and performance monitoring

Data shared

Error stack traces; request paths and statuses; user ID only (no email). Auth tokens are fingerprinted (one-way hashed) before any log line is sent.

Region

United States

Last reviewed

2026-05-17

View DPA →

Finto Technologies GmbH (Langfuse)

Service

AI observability — traces of model calls for the agent, quote drafting, and the revision engine

Data shared

Model input prompts and completion text (identical to what is sent to the model vendor); trace metadata including user ID, job ID, and tool name

Region

United States or European Union (configurable)

Last reviewed

2026-05-17

View DPA →

Upstash, Inc.

Service

Redis for rate-limit counters, advisory locks, and webhook idempotency fast-path

Data shared

Per-user rate-limit counters keyed by user ID; webhook event IDs. No PII; no secrets.

Region

United States (global edge)

Last reviewed

2026-05-17

View DPA →

PostHog Inc.

Service

Product analytics for activation, retention, and funnel events

Data shared

Anonymous distinct ID; identified user ID only (never email); page views; feature flag evaluations; structured product events

Region

United States (us.i.posthog.com)

Last reviewed

2026-05-17

View DPA →

Twilio Inc.

Service

Outbound SMS notifications for customer-facing quote, signature, and payment events (optional)

Data shared

Recipient phone number (E.164); message body containing job or quote context

Region

United States

Last reviewed

2026-05-17

View DPA →

Jobber Software Inc.

Service

OAuth-scoped Jobber REST and GraphQL API for historical-jobs ingestion (only when a customer connects it)

Data shared

OAuth tokens (encrypted at rest); Jobber Job, Quote, Invoice, and Customer records pulled into local job memory

Region

United States

Last reviewed

2026-05-17

View DPA →

ServiceTitan, Inc.

Service

OAuth-scoped ServiceTitan REST API for historical-jobs ingestion (only when a customer connects it)

Data shared

OAuth tokens and per-tenant application key (encrypted at rest); ServiceTitan invoice and customer records pulled into local job memory

Region

United States

Last reviewed

2026-05-17

View DPA →

Change Notifications

How we notify you of changes

Advance notice

Setell will provide at least thirty (30) days' advance notice of the addition or replacement of any sub-processor that processes customer Personal Data. Notice is given by updating this page and by email to anyone subscribed via the address below. The “Effective” date at the top of this page is the canonical version stamp.

Customers and authorized representatives may subscribe to sub-processor change notifications by emailing subprocessor-updates@setell.ai from the address you would like to receive notifications on. You may unsubscribe at any time using the same address.

Right to object

Where the underlying service agreement or applicable DPA grants the customer a right to object to a new sub-processor, that right may be exercised during the notification period. Setell will work with the customer in good faith to resolve reasonable, data-protection-based objections.

Sub-processor chain

Each sub-processor itself relies on further sub-processors governed by its own published list. Material changes propagate to Setell through the contractual flow-down clauses of each executed Data Processing Addendum.

Contact

Questions or objections

For questions about a specific sub-processor, an objection to a planned change, or general privacy inquiries, contact us.

Privacy & data rightsprivacy@setell.ai

Sub-processor updatessubprocessor-updates@setell.ai

Security concernssecurity@setell.ai

Last updated: May 19, 2026.
This page is the canonical sub-processor register for Setell.