Pulsent Labs Inc. — Superlog · Last updated 2026-05-19
Superlog uses the following subprocessors to deliver the service. We commit to providing
30 days' advance notice via the email of record (and on this page) before adding
a new subprocessor that processes customer data, for customers under an active Data Processing
Agreement.
Infrastructure
| Subprocessor |
Purpose |
Data processed |
Location |
| Railway Corp. |
Application hosting, managed Postgres, managed ClickHouse, OTel Collector |
All customer telemetry, all application metadata |
United States |
| Cloudflare, Inc. |
DNS, edge proxy, TLS termination, WAF, DDoS protection |
All inbound HTTPS traffic (request metadata; bodies pass through encrypted to origin) |
Global edge; configuration set to US-bias |
Authentication and email
| Subprocessor |
Purpose |
Data processed |
Location |
| Resend, Inc. |
Transactional email (sign-up verification, password reset, invitations, incident notifications) |
End-user email address, name, message content |
United States |
| Loops Inc. |
Lifecycle/product email (onboarding flows) |
End-user email address, name, lifecycle event metadata |
United States |
Agent runtime and LLM
| Subprocessor |
Purpose |
Data processed |
Location |
| Anthropic, PBC |
Investigation agent runtime (Managed Agents), LLM inference, credential vault for chained third-party tokens |
Incident context (stack frames, log samples, trace excerpts); source code from the
customer's repo (read-only via GitHub App) during an active investigation; chained
third-party credentials (e.g. Linear tokens) stored in Anthropic Vault
|
United States |
Anthropic's data-handling terms for API and Managed Agents apply. We do not opt customer data
into model training.
Customer-connected integrations
These are activated only when a customer explicitly installs the integration into their org /
project. Superlog acts as a controller for the OAuth grant and as a processor for the data
flowing through.
| Subprocessor |
Purpose |
Data processed |
Location |
| GitHub, Inc. |
GitHub App for source code read access and PR creation |
Repository contents (read), PR contents (write) — only for repos the customer grants the App |
United States |
| Slack Technologies, LLC |
Incident notifications, investigation threads, human handoff |
Incident summaries, investigation updates, customer-supplied replies |
United States |
| Linear Orbit, Inc. |
Ticket creation for investigation outcomes |
Incident summaries, investigation outcomes — only for workspaces the customer connects |
United States |
Product analytics
| Subprocessor |
Purpose |
Data processed |
Location |
PostHog Inc. (EU instance: eu.i.posthog.com) |
First-party product analytics for the Superlog web app |
Pseudonymous user/session identifiers, page navigation events, feature usage events |
European Union |
Billing
| Subprocessor |
Purpose |
Data processed |
Location |
| Stripe, Inc. |
Billing, subscription management, invoicing, and payment processing |
Billing contact name, email, optional company name, tokenized payment method
references, subscription / invoice metadata. Payment card data is collected by Stripe on
Stripe-hosted pages and never touches Superlog systems.
|
United States |
Not subprocessors (commonly asked)
-
OpenAI, Inc. — listed in our roadmap as a potential alternate provider for
investigation runtime, but not currently in production use.
-
Google LLC (Workspace / Google Sign-In) — Google Sign-In is offered to end
users as an authentication option. When used, Google processes the end user's authentication
exchange. No customer telemetry is sent to Google.
Change log
| Date |
Change |
| 2026-05-19 |
Initial publication |