Subprocessors
Last updated: May 10, 2026
Knightian Labs Pte Ltd (“we”, “us”, or “our”) uses the third-party services listed on this page to operate the Bridge Town platform. Each service acts as a data subprocessor — it receives, stores, or processes personal data on our behalf in order for us to deliver the Service.
We review this list when we onboard a new vendor. If you have questions about any subprocessor, contact privacy@bridgetown.builders.
Production Subprocessors
| Vendor | Service | Data Processed | Primary Region | Retention / Deletion |
|---|---|---|---|---|
| Auth0 (Okta) | Authentication and identity management | Email address, display name, OAuth tokens, session metadata | US (Okta US region) | Deleted within 30 days of account closure on request |
| Amazon Web Services (AWS) | Cloud infrastructure — compute (ECS Fargate), relational database (RDS PostgreSQL), object storage (S3), caching (ElastiCache), CDN (CloudFront), audit logging (CloudWatch) | All data at rest and in transit | us-east-1 (primary). Data does not leave AWS US regions without explicit configuration | Per product retention schedules; infrastructure logs retained up to 12 months |
| Anthropic | AI-assisted model authoring and analysis (Claude API) | Prompt text and model source code submitted during AI-assisted editing features. No financial model data is stored by Anthropic; prompts are processed transiently | US | Not retained beyond the API request lifecycle per Anthropic’s enterprise API terms |
| Google (OAuth 2.0 / Google Sheets) | Social login; optional Google Sheets data integration | OAuth profile (email, display name) for social login; spreadsheet content you explicitly connect to Bridge Town models | US | OAuth tokens revoked on account closure; Sheets access removed when integration is disconnected |
| PostHog | Product analytics and session insights | Anonymised usage events, page views, session duration, browser/device metadata. No financial model content | US (us.i.posthog.com) | Analytics retained up to 2 years in aggregated form; cookies persist up to 1 year |
| Stripe | Payment processing and billing | Billing contact name, email, payment method token (card details are handled end-to-end by Stripe; we never see raw card numbers) | US | Billing records retained 7 years as required by law |
| Resend | Transactional email (account notifications, password reset, billing receipts) | Email address and the content of service notifications | US | Message logs retained up to 30 days |
| Gitea (self-hosted) | Internal Git hosting for tenant model repositories | Model source code, commit history, and metadata for all tenant projects | AWS us-east-1 (within our own infrastructure) | Deleted within 30 days of account closure on request |
Data Categories Summary
| Category | Example data | Processed by |
|---|---|---|
| Identity and authentication | Email, display name, OAuth tokens | Auth0, Google OAuth |
| Infrastructure and operational | All platform data at rest and in transit | AWS |
| AI prompt context | Model code and prompts during AI features | Anthropic |
| Financial model content | Python model code, CSV/Parquet snapshots, query results | AWS (storage/compute), Gitea |
| Usage analytics | Anonymised page views and feature interactions | PostHog |
| Billing data | Contact details and payment tokens | Stripe |
| Service notifications | Email address and notification content | Resend |
We do not process special-category personal data (health, biometric, racial or ethnic origin, etc.) and do not invite or expect customers to upload such data.
Data Regions
All production infrastructure runs in AWS us-east-1. Auth0 processes identity data in the Okta US region. Anthropic processes AI prompts in the US under their enterprise API terms. PostHog routes analytics to the US PostHog cloud (us.i.posthog.com). Stripe and Resend are headquartered in the US.
If your organisation requires EU data residency, contact sales@bridgetown.builders to discuss options. EU-resident data residency is not available as a standard product tier at this time.
Retention and Deletion
| Data type | Retention period | Notes |
|---|---|---|
| Account and identity data | Duration of subscription + 90 days | Kept briefly to allow account recovery |
| Financial model data | Deleted within 30 days of account closure on request | Includes Git history in Gitea |
| Usage analytics | Up to 2 years (aggregated, anonymised) | PostHog analytics only |
| Billing records | 7 years | Legal / accounting requirement |
| Infrastructure logs | Up to 12 months | CloudWatch audit and application logs |
| AI prompt context | Not retained beyond API request | Anthropic enterprise API terms |
To request deletion of your data, email privacy@bridgetown.builders with the subject line “Data Deletion Request”.
Future Processor Review Checklist
Before adding a new subprocessor to production, complete the following review and update this page:
- Purpose: Is the vendor’s purpose clearly scoped? Can it be fulfilled by an existing vendor?
- Data minimisation: Have you confirmed the minimum data categories required for the integration?
- Region: Does the vendor’s primary processing region match our data residency commitments?
- DPA: Has a Data Processing Agreement or equivalent been signed? (Required for GDPR-scoped vendors.)
- Security posture: Has the vendor’s security documentation (SOC 2 report, pen test summary, security questionnaire) been reviewed?
- Retention: Are the vendor’s data retention and deletion terms documented and consistent with our privacy policy?
- Subprocessors page: Has this page been updated before the vendor’s integration goes live?
- Privacy policy: If the new vendor introduces a new data category, has the privacy policy been updated?
- Internal record: Has the DPA and security artefact been filed in the company’s legal records?
Contact
Questions about this list? Email privacy@bridgetown.builders.
For DPA requests or security review enquiries, see our Security and Compliance page.