Honest Growth

Subprocessors

Who has access to your data.

We do not hide our vendor list. Every third-party company that processes your data on our behalf is below — what it is used for, what data it touches, and a link to its privacy policy.

Used for
Generates the written explanations of audit findings
Data it touches
Numeric account summaries and finding evidence, sent when an audit's findings are explained. No tokens, no PII, no ad creative.
Used for
Authentication and Postgres database hosting
Data it touches
Email, name, and login/session events; all application data at rest, with Meta access tokens stored as encrypted fields.
Used for
Redis caching
Data it touches
Short-lived cached audit and session data. No long-term storage.
Used for
Billing — active when billing ships
Data it touches
Billing details, payment method, invoice records.
Used for
Error monitoring
Data it touches
Error stack traces. Filtered for PII and tokens before send.
Used for
Product analytics
Data it touches
Usage events — page views and actions such as audits run — with associated device and IP metadata. No ad data, no audit contents.
Used for
Transactional and digest email delivery
Data it touches
Your email address and the contents of the emails we send you — sign-in links, audit-ready notices, and 'what changed' digests.
Used for
DNS, CDN, DDoS protection, and frontend hosting (Pages)
Data it touches
Request metadata and IP addresses for routing, hosting, and abuse protection.

We notify customers by email at least 30 days before adding a new subprocessor. To get those notifications, reach out to [email protected]. For how we secure your data, see the security page.

We update this list when it changes. Last updated: May 22, 2026