Trust & compliance
Subprocessors
Last updated: June 6, 2026. These vendors process data on our behalf to deliver Base. We require contractual data protection commitments from each.
When you use Base, your data may be processed by the subprocessors below. This list covers vendors that typically handle customer workspace data or authentication. Marketing-site-only tools (e.g., GA4 on runonbase.com) are included where they may receive visitor identifiers.
For Google OAuth-connected data, see the Google API Services section of our Privacy policy. Enterprise customers can request a DPA at conor@orbitlane.co.
| Vendor | Purpose | Data types | Region |
|---|---|---|---|
| Amazon Web Services (AWS) | Application hosting, object storage, and infrastructure | Account data, client workspace data, integration tokens (encrypted) | United States |
| Supabase | Managed Postgres database, authentication, and file storage | Account data, workspace data, integration metadata | United States |
| Vercel | Marketing site and application deployment | Request logs, deployment metadata | United States |
| Google Analytics (GA4) | Aggregate marketing site analytics | Page views, device/browser info, referral source (marketing site only) | United States / global |
| Google Cloud / Google APIs | OAuth-connected services when agencies connect Google (Drive, Gmail, Ads, Analytics) | Only data the agency authorizes via OAuth scopes — see Privacy policy (Google API Services section) | United States / global |
| Stripe | Subscription billing and payment processing | Billing contact, payment method metadata, invoice records | United States |
Changes to this list
We will update this page when we add or replace subprocessors that process customer data. Material changes will be communicated to active customers via email or in-product notice where appropriate.
Contact
Questions about subprocessors or DPAs: conor@orbitlane.co.