Muninnbase Subprocessor List
Last Updated: May 22, 2026
Overview
Muninnbase uses a limited set of third-party vendors ("subprocessors") to operate the Service. Each subprocessor is contractually bound to data-protection obligations and may only process information for the purposes described below.
This page is the authoritative list of subprocessors that may process Customer Content or personal data on our behalf. We notify Customer administrators in advance of any new subprocessor being added to this list, as committed in our Privacy Policy.
Current subprocessors
Infrastructure and hosting
| Subprocessor | Legal entity | Purpose | Data processed | Location | Resources | Date added |
|---|---|---|---|---|---|---|
| Supabase | Supabase, Inc. | Managed PostgreSQL database, authentication, and row-level security infrastructure | Customer account data, authentication credentials, document metadata, vector embeddings, Q&A logs | United States | Privacy · DPA | May 22, 2026 |
| Railway | Railway Corp. | Application hosting, file and object storage, edge networking | All Customer Content (uploaded documents), runtime application data, server logs | United States | Privacy · DPA | May 22, 2026 |
| Cloudflare | Cloudflare, Inc. | Content delivery network, DDoS protection, web application firewall, and Turnstile bot-detection on signup | Network metadata (IP addresses, request headers, response codes); browser signals during signup CAPTCHA challenge | United States (with global edge network) | Privacy · DPA | May 22, 2026 |
AI and machine learning
| Subprocessor | Legal entity | Purpose | Data processed | Location | Resources | Date added |
|---|---|---|---|---|---|---|
| OpenAI | OpenAI OpCo, LLC, | Large language model inference (question answering) and text embeddings | End-user question text, retrieved document passages used as grounding context, model-generated answer text | United States | Privacy · DPA | May 22, 2026 |
OpenAI's API terms and Enterprise Privacy commitments confirm that data submitted through the OpenAI API is not used to train OpenAI models. We have selected the API tier specifically for this guarantee.
Communications
| Subprocessor | Legal entity | Purpose | Data processed | Location | Resources | Date added |
|---|---|---|---|---|---|---|
| Resend | Plus Five Five, Inc. (d/b/a Resend) | Transactional email delivery (account verification, password reset, signup OTP codes) | Recipient email address, sender display name, transactional message content | United States | Privacy · DPA | May 22, 2026 |
Billing
| Subprocessor | Legal entity | Purpose | Data processed | Location | Resources | Status |
|---|---|---|---|---|---|---|
| Stripe | Stripe, Inc. | Payment processing and subscription billing | Customer billing contact information, payment card details (handled directly by Stripe in accordance with PCI-DSS), subscription state, invoice records | United States | Privacy · DPA | Scheduled — activates when paid plans are enabled |
Stripe does not currently process any Muninnbase Customer or End User data. Stripe will activate as a subprocessor when paid subscription billing is enabled in the Service. No additional notification will be issued at activation, since Stripe is disclosed in advance through this list.
Notification of changes
As committed in our Privacy Policy, we will provide notice to Customer administrators through this page or by email before adding a new subprocessor that processes Customer Content. Customers may object to a proposed new subprocessor under the terms of their subscription agreement.
Contact
Questions about this list or our use of subprocessors: [email protected]