Subprocessors
Last updated April 27, 2026
The Bird Bath Terminal uses the third-party services listed below to operate the platform. Each subprocessor has access only to the data necessary to perform its function and is bound by its own data-protection commitments.
If you have questions about a specific subprocessor or need a Data Processing Agreement (DPA), email ryan@first100.io.
Active subprocessors
| Subprocessor | Function | Data exposed | Region |
|---|---|---|---|
| Render render.com |
Web hosting + Postgres database | All account data, session tokens, audit logs, encrypted at rest | US (Oregon) |
| Cloudflare cloudflare.com |
CDN, TLS termination, WAF | HTTP request metadata (IP, user-agent, URL); no body inspection | Global edge |
| Stripe stripe.com |
Subscription billing + payment processing | Customer email, billing address, payment method (handled directly by Stripe; we never see card numbers) | US |
| Anthropic anthropic.com |
AI processing for Ask Terminal natural-language queries | Your chat questions (without identity); no result data is sent back to Anthropic for training | US |
| Google Workspace (Gmail SMTP) workspace.google.com |
Transactional email delivery (password resets, security alerts) | Your email address + the message body | US |
| Google Fonts fonts.google.com |
Typography (DM Sans) | HTTP referer + IP at font load time only | Global |
Notification of changes
If we add or change subprocessors that materially affect customer data handling, we will update this page and notify subscribed customers by email at least 14 days before the change takes effect (subject to good-faith effort; emergency security changes may be deployed immediately and notified after).
Customer audits
Enterprise customers may request a current copy of our subprocessor list with their DPA. Email ryan@first100.io.