Skip to content
PlasmidStudio
Get started free

Subprocessors

Last updated: April 2026

Third-party service providers

We use the following third-party service providers (subprocessors) to operate PlasmidStudio. Each has their own privacy policy and security practices, linked below. We review these providers periodically and will update this page when the list changes.

For our general data practices, see the Privacy Policy. For our security practices, see the Security page.

Current providers

Supabase

Database + authentication

Purpose: Stores user accounts, constructs, AI chat rollups, and waitlist entries. Handles magic-link login.

Data handled: Email address, authentication tokens, construct data (sequences, features, primers, annotations), usage aggregates.

Privacy policy: https://supabase.com/privacy

Vercel

Hosting + edge functions

Purpose: Serves the web application and marketing site; runs server-side API routes.

Data handled: IP address, request logs, HTTP headers.

Privacy policy: https://vercel.com/legal/privacy-policy

PostHog

Product analytics

Purpose: Understand feature usage and user flows to improve the product.

Data handled: Anonymized user ID, email domain (derived from email — not the full email), session events, page views.

Privacy policy: https://posthog.com/privacy

Google Analytics 4

Traffic analytics

Purpose: Understand how visitors find PlasmidStudio and measure marketing effectiveness.

Data handled: IP address (truncated), page views, referrer, session duration.

Privacy policy: https://policies.google.com/privacy

Sentry

Error tracking

Purpose: Detect and diagnose bugs. Helps us identify and fix production errors quickly.

Data handled: Error stack traces, browser/OS metadata, anonymized user ID. Does not capture construct content.

Privacy policy: https://sentry.io/privacy/

Stripe

Payment processing

Purpose: Process subscription and one-time payments if you purchase a paid plan.

Data handled: Name, billing address, payment method. Payment card data is handled directly by Stripe and is never stored on our servers.

Privacy policy: https://stripe.com/privacy

Resend

Transactional email

Purpose: Deliver magic-link authentication emails and account-related notifications.

Data handled: Email address, email content (magic-link tokens, account notifications).

Privacy policy: https://resend.com/legal/privacy-policy

Railway

Backend infrastructure

Purpose: Runs internal orchestration services that support the application.

Data handled: Application logs, request metadata.

Privacy policy: https://railway.com/legal/privacy

Trigger.dev

Background job orchestration

Purpose: Runs asynchronous pipeline tasks and scheduled jobs.

Data handled: Job metadata, execution logs.

Privacy policy: https://trigger.dev/legal/privacy

Anthropic, OpenAI, and configured AI providers

AI inference

Purpose: Power the AI chat assistant and cloning advice features. Only the provider(s) you have selected (or the default configured for your account) receive requests.

Data handled: Chat messages and context you send to the AI assistant during your session. Some providers may retain data briefly for abuse monitoring per their policies — see each provider below.

Privacy policy: https://www.anthropic.com/legal/privacy (Anthropic) · https://openai.com/policies/privacy-policy/ (OpenAI)

Changes

When we add, remove, or change a subprocessor we will update this page and revise the "Last updated" date above. For material changes that affect how your data is processed, we will notify active users by email.

Questions about our subprocessors? Contact us at hello@plasmidstudio.ai