Last updated: February 18, 2026
Grepture uses the following third-party services (“subprocessors”) to operate the platform. All subprocessors are hosted in the European Union. No customer data leaves the EU.
We will update this page whenever we add or remove a subprocessor. If you would like to be notified of changes, contact us at hello@grepture.com.
Database (PostgreSQL) and user authentication
User accounts, team data, rules, traffic logs, API keys, session tokens
Redis for rate limiting, quota tracking, caching, and AI sampling counters
Team IDs, request counters, rule cache, tokenized values (encrypted, with TTL)
Payment processing and subscription management
Billing details, payment methods, invoices, subscription status
Hosting for the dashboard (Next.js app) and marketing site
HTTP requests to the dashboard and marketing site, session cookies
Hosting for the Grepture proxy and AI detection models
API traffic flowing through the proxy, AI model inference data (processed in-memory, not persisted in zero-data mode)
Transactional email delivery (invitations, notifications, security alerts)
Email addresses, email content (invitation links, password resets, billing notifications)
Privacy-friendly web analytics for the marketing site
Page views, referral sources, browser and device type (no cookies, no personal data, fully anonymized)
Product analytics for the marketing site and dashboard
Anonymized usage events, feature interactions, page views, session data
| Subprocessor | Purpose | Data processed | Location |
|---|---|---|---|
| Supabase | Database (PostgreSQL) and user authentication | User accounts, team data, rules, traffic logs, API keys, session tokens | EU (Frankfurt, Germany) |
| Upstash | Redis for rate limiting, quota tracking, caching, and AI sampling counters | Team IDs, request counters, rule cache, tokenized values (encrypted, with TTL) | EU (Frankfurt, Germany) |
| Stripe | Payment processing and subscription management | Billing details, payment methods, invoices, subscription status | EU (Dublin, Ireland) |
| Vercel | Hosting for the dashboard (Next.js app) and marketing site | HTTP requests to the dashboard and marketing site, session cookies | EU (Frankfurt, Germany) |
| Hetzner | Hosting for the Grepture proxy and AI detection models | API traffic flowing through the proxy, AI model inference data (processed in-memory, not persisted in zero-data mode) | EU (Falkenstein & Nuremberg, Germany) |
| Resend | Transactional email delivery (invitations, notifications, security alerts) | Email addresses, email content (invitation links, password resets, billing notifications) | EU (Frankfurt, Germany) |
| Pirsch | Privacy-friendly web analytics for the marketing site | Page views, referral sources, browser and device type (no cookies, no personal data, fully anonymized) | EU (Germany) |
| PostHog | Product analytics for the marketing site and dashboard | Anonymized usage events, feature interactions, page views, session data | EU (Frankfurt, Germany) |
All infrastructure is hosted in the EU
Every subprocessor listed above processes data exclusively within European Union data centers. If you enable zero-data mode, request and response content is processed in-memory only and never written to disk by any subprocessor.
The Grepture proxy is fully open source. You can audit exactly what data flows through the proxy and how it is processed by reviewing the source code on GitHub.
Questions about our subprocessors or data processing? Contact us at hello@grepture.com.