Last updated: April 14, 2026
SessionForge (operated by Support Forge LLC) uses the following third-party services to deliver the product. Each subprocessor has been selected for its security posture and contractual commitments around data protection. See our Privacy Policy and Security page for full context.
| Subprocessor | Purpose | Data handled | Region |
|---|---|---|---|
| Google Cloud (GCP) | Application hosting (Cloud Run), database (Cloud SQL PostgreSQL), object storage (Cloud Storage), secret management (Secret Manager) | All customer and application data — account records, sessions, machine metadata, session recordings, logs | us-central1 (Iowa, US) |
| Upstash | Redis — rate limiting, session recording buffer, IP allowlist cache | Login attempt counters, session frame buffers (short-lived), allowlist CIDR cache | Nearest available region (US by default) |
| Stripe | Payment processing, billing, subscription management | Billing plan, last 4 digits of card, Stripe customer and subscription IDs. Full card data handled directly by Stripe — never stored on SessionForge systems. | US |
| Resend | Transactional email delivery (verification, password reset, invites, billing receipts) | Email addresses, email content, delivery metadata | US |
| Sentry | Error and exception monitoring | Stack traces, browser/runtime metadata, request paths, occasionally authenticated user ID for correlation | US |
| Google OAuth | Optional sign-in provider | Name, email, profile picture URL from users who choose Google sign-in | US |
| GitHub OAuth | Optional sign-in provider | Name, email, profile picture URL from users who choose GitHub sign-in (scope: read:user user:email) | US |
We will update this page at least 14 days before engaging a new subprocessor that handles customer data. For material changes, organizations on Team and Enterprise plans will receive an email notice to the billing contact.
Data processing agreements (DPAs) are available on request. Email perry@support-forge.com.