Subprocessor Schedule
Approved subprocessors grounded in the live stack.
This schedule identifies the third-party vendors Statura uses to host, operate, monitor, message, bill, or support the service where those vendors may process customer data or service metadata.
Last updated: 23 April 2026
This schedule identifies the approved subprocessors substantiated in the current production codebase and live delivery stack as at the version date.
Approved subprocessors
| Vendor | Service purpose | Typical data involved | Location note |
|---|---|---|---|
| Supabase | Primary application database, authentication, storage, and backend platform services | Core customer records, authentication data, application data, audit logs, stored files | Primary production project configured in Sydney, Australia |
| Vercel | Web and portal hosting, edge delivery, deployment infrastructure, and operational logs for hosted frontends | Request metadata, limited application telemetry, support diagnostics, content served through hosted web apps | Hosting and edge services provided through Vercel infrastructure |
| Sentry | Error monitoring, crash reporting, and operational diagnostics for web and mobile applications | Error traces, request metadata, device metadata, diagnostic context after Statura scrubbing and filtering controls | Sentry ingestion currently configured through US-hosted endpoints |
| Resend | Transactional email delivery for notifications, invitations, and service communications | Email address, message metadata, message content required for delivery, bounce and delivery events | Service may process data outside Australia |
| Twilio | SMS delivery and telehealth/video token infrastructure where enabled | Phone numbers, message metadata and content, telehealth participant metadata, session identifiers | Service may process data outside Australia |
| Stripe | Subscription billing, invoicing, checkout, and payment-administration workflows where enabled | Billing contact details, billing metadata, subscription status, invoice records; payment card data handled by Stripe directly | Service may process data outside Australia |
Notes on scope
- This schedule is limited to subprocessors evidenced in the current Statura codebase and live production delivery path.
- Some platform vendors may process only limited metadata rather than full application content.
- Mobile app distribution through Apple and Google app stores is not listed here as a core customer-data subprocessor for platform operations. Those stores govern app distribution, device installation, and store-account interactions under their own terms.
How updates are handled
- Statura may update this schedule from time to time as the service evolves.
- If Statura intends to add a materially new subprocessor that is reasonably likely to affect customer-data risk, Statura will update this schedule and, where required by the customer agreement, give notice through the service, email, or another reasonable channel.
- If the customer reasonably objects to a materially new subprocessor on documented privacy, confidentiality, or security grounds, the customer must notify Statura within 15 business days after the update notice. The parties will act in good faith to discuss a reasonable alternative or mitigation.
- If the parties cannot resolve a reasonable objection to a materially new subprocessor, the customer may terminate the affected service or module on written notice without penalty for the unused future portion of the affected prepaid fees.
- Continued use of the service after the effective date of an updated schedule constitutes acceptance of the updated schedule, subject to any rights in the customer agreement.
Related documents
Contact
- Privacy: privacy@statura.care
- Legal: legal@statura.care