1. Purpose
This Subprocessor List identifies the third parties that Align engages to process Customer Personal Data on behalf of Customer under the Data Processing Addendum (DPA). It is incorporated into the DPA as Annex 3 and is updated when Align adds, removes, or materially changes a subprocessor.
Customers may subscribe to subprocessor change notifications by emailing privacy@alignsoft.us. Customers may object to a new subprocessor on reasonable data protection grounds within thirty days after notice, as described in DPA Section 7.
2. Current Subprocessors
| Subprocessor | Category | Role in Align | Status |
|---|---|---|---|
| Railway | Cloud hosting | Runs all production and staging workloads (web server, background jobs, PostgreSQL database). All tenant data at rest and in transit lives within Railway's infrastructure. | In production |
| Replit | Development platform | Hosts the development environment and CI build pipeline. Also provides the Replit Object Storage adapter used for file attachments in the development environment (dual-adapter: Replit in dev, S3 in production). | In production |
| Doppler | Secrets management | Stores all environment secrets (API keys, database credentials, signing keys) and syncs them to Railway at deploy time. No secrets are committed to the repository. | In production |
| PostgreSQL (Railway) | Database | Primary data store for all tenant, project, entry, user, billing, and audit data. Isolated per tenant via row-level security and organization_id foreign keys. | In production |
| GitHub | Source control / integration | Hosts the codebase. Also functions as a data processor: the GitHub App ingests webhook events (push, pull_request, deployment_status) to link commits and PRs to Align entries and trigger automated status transitions. | In production |
| Stripe | Payments & billing | Processes subscription payments, manages billing plans, and handles plan-enforcement webhooks. Stores customer and payment-method references; no raw card data touches Align servers. | In production |
| OpenAI | AI / ML | Powers AI-generated executive summaries on project reports (GPT-4.1), entry analysis, and the AI Staff Tools surface. All prompts pass through a PII redaction layer before leaving Align's infrastructure. | In production |
| Resend | Transactional email | Delivers platform-generated emails: trial reminders, dunning notices, invitations, and notifications. Configured as the primary email provider; SMTP is a configurable fallback. | In production |
| Dropbox Sign (HelloSign) | Electronic signatures | Sends, tracks, and stores signed agreements. Align sends agreement content to Dropbox Sign's API and stores a signed-document reference in return. | In production |
| PostHog | Product analytics | Captures product usage events (page views, feature usage) for aggregate product analytics. Per-organization opt-in; gated by POSTHOG_API_KEY. No personally identifiable content (entry bodies, comments) is sent. | In production |
| AWS S3 (via Railway) | File storage | Stores file attachments uploaded through Align (documents, images, evidence files) in production. The S3 adapter activates automatically when AWS_* environment variables are present on Railway. | In production |
| Auth0 | Enterprise SSO | Provides SAML / OIDC single sign-on for tenants that configure it. Per-organization and optional — tenants supply their own Auth0 domain and credentials. Not required for standard username and password login. | In production |
| Slack | Notifications | Receives project update notifications via a per-project inbound webhook URL configured by the tenant. Align sends structured JSON payloads; no Align data is stored by Slack beyond the notification payload. | In production |
| Nodemailer / SMTP | Transactional email | Fallback email transport for tenants or environments where Resend is not configured. Tenant-configurable SMTP host, port, and credentials via platform admin settings. | In production |
| Replit AI (OpenAI proxy) | AI / ML | Used during development for AI-assisted code generation. Not in the production data path; no tenant data is processed through this channel. | Planned |
| Sentry / Error monitoring | Observability | Structured error tracking and alerting. Infrastructure is code-ready (structured logging with pino is live); a dedicated error-monitoring provider has not yet been wired to an external service. | Planned |
3. Data Locations and Transfers
Subprocessors operate primarily from the United States. Where Customer Personal Data is transferred to a jurisdiction that requires a transfer mechanism, Align relies on appropriate lawful transfer tools, which may include Standard Contractual Clauses, as described in DPA Section 13.
Customer is responsible for evaluating whether Align's subprocessor footprint is appropriate for Customer's regulatory environment, data residency requirements, and risk posture.
4. Categories of Customer Data Processed
Each subprocessor processes a defined subset of Customer Personal Data necessary to perform its function. DPA Section 4 (Details of Processing) describes the categories of data, data subjects, and nature of processing that apply to Align as a whole; individual subprocessors process only the subset relevant to their service.
5. Changes to This List
Align will update this Subprocessor List when a subprocessor is added, removed, or materially changed. Customers who have subscribed to change notifications will receive notice through the email channel specified at subscription. The most current version always controls.
6. Contact
Subprocessor questions or objections may be sent to privacy@alignsoft.us.
Last reviewed: June 5, 2026 · Version 1.0 · Published.