Security
Subprocessors.
These are the third-party providers ONTHEBIAS relies on to deliver the platform. Each receives only the data required to perform its function. If you have a question about any of them, email security@onthebias.co and we will help.
Supabase
Database, authentication, and file storage.
Account records, workspace data, projects, conversations, and uploaded assets.
United States
SOC 2 Type II, HIPAA-eligible
Vercel
Application hosting and edge network.
Request metadata and cached static content.
United States / global edge
SOC 2 Type II, ISO 27001
Anthropic
AI generation and OBIE chat.
Prompts, uploaded images, and generated output - no-training commercial API.
United States
SOC 2 Type II
Google (Gemini)
AI image and content generation.
Prompts, uploaded images, and generated output - no-training commercial API.
United States
SOC 2 Type II, ISO 27001, ISO 27017, ISO 27018
Stripe
Payment processing and subscription billing.
Billing contact, payment tokens, and transaction records. Full card numbers never reach our servers.
United States
PCI DSS Level 1, SOC 2 Type II, ISO 27001
AWS S3
Object storage for the legacy asset library.
Library assets, generated files, and tech-pack PDFs.
United States (us-east-2)
SOC 2 Type II, ISO 27001, PCI DSS Level 1
Resend
Transactional email delivery.
Recipient email address and message content for confirmations, magic links, and order updates.
United States
SOC 2 Type II
Upstash (QStash)
Background job queue and scheduling.
Job payloads and queue metadata for asynchronous processing.
United States / global
SOC 2 Type II
Liveblocks
Real-time canvas collaboration and comments.
Canvas presence, edits, and comment content for shared projects.
United States
SOC 2 Type II
PostHog
Product analytics.
De-identified usage events and feature interactions.
United States
SOC 2 Type II
Sentry
Error monitoring.
Stack traces and diagnostic metadata. No identifying cookies set.
United States
SOC 2 Type II, ISO 27001
SerpAPI
Image search for tech-pack bills of materials.
Search queries issued during tech-pack assembly.
United States
SOC 2 Type II
Slack
Internal operations and support notifications.
Operational alerts and support metadata. No customer design content.
United States
SOC 2 Type II, ISO 27001