Subprocessors
Third-party services that support authentication, billing, and public website operations.
Blur keeps its vendor surface small. The services listed below are used for account management, billing, and site delivery. None of these vendors are involved in prompt scanning, detection, or masking.
Current subprocessors
| Vendor | Purpose | Data processed |
|---|---|---|
| Supabase | Authentication, organization membership, and session management | User email addresses, organization IDs, session tokens |
| Stripe | Billing, subscription state, and invoice handling | Payment methods, billing addresses, subscription metadata |
| Vercel | Public website hosting and deployment delivery | Static site assets, server-rendered pages (no user data) |
Scope of processing
These vendors support product operations only. Blur does not send prompt contents, detection results, or any user-generated text to these services for inspection, storage, or processing as part of its redaction workflow.
Each vendor is selected for its strong security posture and compliance certifications:
- Supabase maintains SOC 2 Type II compliance and encrypts data at rest and in transit
- Stripe is PCI DSS Level 1 certified, the highest level of certification in the payment industry
- Vercel provides enterprise-grade hosting with automatic HTTPS, DDoS protection, and edge caching
Vendor change policy
Vendor changes that materially affect customer data handling will be reflected on this page as the platform evolves. For enterprise customers with specific vendor approval requirements, we are happy to discuss our vendor selection process. Contact maya@blurprivacy.app for details.