Subprocessors
Third-party services that support authentication, billing, and public website operations.
Blur keeps its vendor surface small. The services listed below are used for account management, billing, and site delivery. None of these vendors are involved in prompt scanning, detection, or masking.
Current subprocessors
| Vendor | Purpose | Data processed |
|---|---|---|
| Supabase | Authentication, organization membership, and session management | User email addresses, organization IDs, session tokens |
| Stripe | Billing, subscription state, and invoice handling | Payment methods, billing addresses, subscription metadata |
| Vercel | Website hosting, deployment delivery, and privacy-friendly web analytics | Static site assets, server-rendered pages, and cookieless, aggregated website usage telemetry (page views, referrers, approximate location) |
Scope of processing
These vendors support product operations only. Blur does not send prompt contents, detection results, or any user-generated text to these services for inspection, storage, or processing as part of its redaction workflow.
Each vendor is selected for its strong security posture and compliance certifications:
- Supabase maintains SOC 2 Type II compliance and encrypts data at rest and in transit
- Stripe is PCI DSS Level 1 certified, the highest level of certification in the payment industry
- Vercel provides enterprise-grade hosting with automatic HTTPS, DDoS protection, and edge caching. Vercel Web Analytics is cookieless and does not track visitors across sites; it collects aggregated page-level metrics only and never receives prompt content or detection data.
Vendor change policy
Vendor changes that materially affect customer data handling will be reflected on this page as the platform evolves. For enterprise customers with specific vendor approval requirements, we are happy to discuss our vendor selection process. Contact maya@blurprivacy.app for details.