Sub-Processor List
middleBrick uses the following sub-processors to deliver the service. Changes are announced at least 30 days in advance. Subscribe to the RSS feed for automatic notifications.
| Sub-Processor | Purpose | Region | Since |
|---|---|---|---|
| Cloudflare, Inc. | Hosting, CDN, compute, database, storage | Global (edge) | 2025-12 |
| Stripe, Inc. | Payment processing, subscription billing | US | 2026-01 |
| Resend, Inc. | Transactional email delivery | US | 2026-02 |
| Google LLC | OAuth identity provider (optional, user-initiated) | US | 2026-01 |
| GitHub, Inc. | OAuth identity provider (optional, user-initiated) | US | 2026-03 |
What is NOT a sub-processor
- Customer-side identity providers (Okta, Azure AD, etc.) — configured by the customer; middleBrick does not control or initiate data flows to these systems
- Cloudflare Workers AI — runs on Cloudflare infrastructure already listed above; no separate data transfer
Data flow summary
- Customer API scan data stays within Cloudflare (Workers + D1 + R2). Never routed to external AI providers.
- Stripe receives billing information only (email, card via Stripe.js — card numbers never touch our servers).
- Resend receives email addresses for transactional notifications only.
- OAuth providers receive authentication redirects only when the user initiates login.
Questions about our sub-processors? Contact [email protected].