Sub-processors

Last updated: May 25, 2026

This page lists the third-party service providers that may process customer data on behalf of ApprovalWhisper (a Clear Garment AI product). We disclose each sub-processor by name, service, data scope, processing location, and certifications. We provide at least 30 days’ advance notice — via support@approvalwhisper.com and updates to this page — before any new sub-processor is added or any material change is made to an existing sub-processor.

Active Sub-processors

Vercel

Service: Hosting, edge network, serverless functions for approvalwhisper.com.

Data scope: Customer requests and responses transit Vercel edge; image and scan payloads are not retained beyond the active transaction.

Location: US, global edge.

Certifications: SOC 2 Type 2.

Amazon Web Services (sub-sub-processor via Vercel)

Service: Underlying compute and storage infrastructure for the Vercel edge platform.

Data scope: Same payload scope as Vercel for request and response transit.

Location: US, global.

Certifications: SOC 1 / 2 / 3, ISO 27001, ISO 27017, ISO 27018, FedRAMP, PCI-DSS.

Stripe

Service: Payment processing for ApprovalWhisper subscriptions and one-time purchases (Test and Live mode).

Data scope: Customer billing data and payment information. ApprovalWhisper PCI scope is SAQ-A (Stripe-hosted elements; no card data touches our servers).

Location: US, global.

Certifications: PCI-DSS Level 1, SOC 1 / SOC 2 Type 2, ISO 27001.

Resend

Service: Transactional email delivery (account notifications, password resets, scan-completion alerts, support replies).

Data scope: Recipient email address; email subject and body; metadata for delivery tracking.

Location: US, global.

Certifications: SOC 2 Type 2.

Upstash

Service: Managed Redis key-value store for rate-limiting, session state, and queue data.

Data scope: Operational records (request counters, session tokens, queue entries). No image payloads are stored.

Location: US.

Certifications: SOC 2 Type 2.

Google Cloud Platform — Cloud Vision API (Web Detection)

Service: Reverse image search against public web sources to improve authentication accuracy.

Data scope: The uploaded scan image only. No user account identifiers, billing data, or other PII are sent to the provider. Response results (web matches, similar images) are stored with the scan record for 30 days.

Location: US, global.

Certifications: SOC 1 / 2 / 3, ISO 27001 / 27017 / 27018, FedRAMP, HIPAA-eligible.

Let’s Encrypt (ISRG)

Service: TLS certificate authority for approvalwhisper.com.

Data scope: Certificate signing requests; no customer data.

Location: US, global.

Certifications: WebTrust-audited CA.

Newfold Digital / systemdns.com DNS infrastructure

Service: Domain Name System (DNS) hosting for approvalwhisper.com.

Data scope: Domain configuration only; no customer data.

Location: US, global.

Certifications: ICANN-accredited registrar infrastructure.

Pending / Gated Sub-processors

None at this time. New sub-processors will be added to the Active list only after source-level approval and at least 30 days’ advance customer notice.

Removed Sub-processors

None as of this publication. When a sub-processor is removed, an entry is added here capturing name, removal date, reason, and replacement if applicable.

Customer Notification Commitment

  • 30 days’ advance notice before any new sub-processor is added or any material change is made to an existing sub-processor (data scope, processing location, certification posture). Notice is provided via support@approvalwhisper.com and an update to this page.
  • Removal notice within 30 days of removal of any sub-processor, including reason and any replacement.
  • Customer right to object — customers may object to a new sub-processor under the applicable Data Processing Agreement.

Contact

Questions about our sub-processors? Email support@approvalwhisper.com.

ApprovalWhisper © 2026 — ClearGarment AI