Sub-processors
Last updated · 2026-05-03
This page lists every third-party service that processes customer data on Rexa's behalf. Per GDPR Art. 28(2), customers will be notified at least 30 days before a new sub-processor is added.
Sub-processors marked "Customer opt-in" only see customer data when the workspace admin explicitly enables that integration. Removing an integration revokes the sub-processor's access immediately.
Active and planned sub-processors
| Vendor | Data processed | Purpose | Region | Status | DPA |
|---|---|---|---|---|---|
| AWS (Amazon Web Services) | Encrypted receipt files only — Rexa holds the keys, AWS sees ciphertext. | S3 object storage for encrypted receipt blobs; KMS for envelope-key unwrap. | eu-central-1 (Frankfurt) | Always on | Signed |
| Fly.io | Full Workspace Data, encrypted at rest, in-VPC TLS. | Hosting for the API + worker processes; Postgres + Redis managed services. | ams (Amsterdam) | Always on | Signed |
| Vercel | Sign-in tokens (in browser only), no persistent storage of customer data. | Hosting for the marketing site and customer web app. | EU (eu-central) edge regions | Always on | Signed |
| Resend | Recipient email + message body for the duration of delivery (Resend retention: 30 days). | Transactional email (verification, invitations, password reset). | EU region (when available); fallback to US-East with SCCs. | Always on | Pending |
| Klippa | Receipt image + extracted text. Per Klippa retention policy. | Receipt OCR (when OCR_PROVIDER=klippa). | Netherlands | Always on | Pending |
| Anthropic | Workspace activity snapshot (merchants, amounts, dates, current user email) + the user's typed question. No persistence on Anthropic side. | AI cardholder assistant (summary + chat) when enabled by customer. | United States (US SCCs apply). | Customer opt-in | Pending |
| TrueLayer | Customer-initiated AISP consent + transaction history per consent grant. | Open Banking adapter for continuous Amex Business sync. | EU + UK | Planned (not yet live) | Pending |
| Exact Online | Customer-authorized OAuth tokens + the data the customer pushes via export. | Accounting export connector (when configured by customer). | Netherlands | Customer opt-in | Signed |
| Sentry | Error stack traces with PII redaction applied at log emission. | Error monitoring (production only, when SENTRY_DSN is set). | Sentry SaaS (EU region available). | Customer opt-in | Pending |
How we notify customers
Workspace administrators receive an email at least 30 days before a new sub-processor goes live. The same notice is published in the Rexa changelog and on this page. Customers can object during the notice period; if we cannot reasonably provide the Service without the new sub-processor, the customer may terminate without penalty.
Subscribe to changes
Subscribe to sub-processor updates by emailing privacy@rexa.one. We maintain a notification list separate from marketing emails.
Questions
Questions about a specific sub-processor (region, retention, security posture): privacy@rexa.one. We respond within one business day.