Legal
Subprocessors
Kepto uses the service providers below to operate the product. This page is a public reference for customers reviewing privacy, GDPR, and vendor handling.
Last updated: May 26, 2026
How to read this list
Not every provider receives every type of customer data. Data is shared only as needed for the provider's role in running Kepto, and provider terms, data processing terms, transfer safeguards, or equivalent protections are used where applicable.
Provider
Purpose
Data
Location
Vercel
Purpose
Application hosting, serverless functions, deployment, and edge delivery
Data
Account, organization, asset, operational, and request metadata processed by the application
Location
Provider infrastructure regions, including EU and US locations where applicable
Neon
Purpose
Managed Postgres database hosting
Data
Application database records, including accounts, organizations, assets, history, notifications, and billing state
Location
Configured database region and provider infrastructure locations
Vercel Blob
Purpose
Asset photo storage
Data
Uploaded asset images and related storage metadata
Location
Provider infrastructure regions
Resend
Purpose
Transactional email delivery
Data
Email addresses, names where provided, and email content for verification, invites, password reset, reminders, billing, and support messages
Location
Provider infrastructure regions
Stripe
Purpose
Checkout, subscriptions, invoices, customer portal, and payment status webhooks
Data
Billing customer identifiers, subscription identifiers, plan, payment state, invoices, and payment method metadata handled by Stripe
Location
Provider infrastructure regions
Purpose
Optional Google sign-in
Data
OAuth account identifier, email address, and profile name when Google sign-in is used
Location
Provider infrastructure regions
Sentry
Purpose
Error monitoring and diagnostics
Data
Error events, stack traces, request context, browser/runtime metadata, and limited user/account context where configured
Location
Provider infrastructure regions
Changes and requests
Kepto may update this list as infrastructure changes. For privacy, DPA, or subprocessor questions, contact us through the contact page or email info@kepto.io.
Contact Kepto