Sub-processors

Third-party services that process customer data on behalf of BlitzPulse. Updated 2026-06-21.

Per GDPR Art. 28(2) and our standard Privacy Policy, we maintain the list below of sub-processors used to deliver the BlitzPulse service. Customers on a Data Processing Agreement (DPA) will receive at least 30 days' notice before any new sub-processor is added; if you object, you may terminate the affected service per the DPA termination clause.

Subscribe below to receive these change notices by email. You can also email [email protected] directly if you prefer.

Per GDPR Art. 28(2) we send notice at least 30 days before adding any new sub-processor. Double opt-in — we email you to confirm. Unsubscribe any time from the link in every notice.

  1. Charles Schwab & Co., Inc.

    Added 2026-01-01

    Brokerage execution, market data, and OAuth-linked account access for users who connect a Schwab account.

    User-controlled OAuth flow; we never see their Schwab password.

    Data categories
    broker_credentials, broker_account_data, trade_records
    Region
    United States
    Transfer mechanism
    User-controlled OAuth (no portal-side credential transfer)
    References
    WebsiteDPA not yet executed
  2. Passiv Inc. (SnapTrade)

    Added 2026-06-21

    User-directed broker account linking for supported mediated brokers such as Robinhood, Fidelity, Webull, M1 Finance, and Interactive Brokers (IBKR).

    Admin-visible provider for mediated broker connections; not presented as a broker brand. Disabled by default; activated per-tenant by admin. DPA not yet executed.

    Data categories
    broker_credentials, broker_account_data
    Region
    United States
    Transfer mechanism
    User-controlled OAuth (no portal-side credential transfer)
    References
    WebsiteDPA not yet executed
  3. Stripe, Inc.

    Added 2026-01-01

    Subscription billing, payment processing, customer portal.

    Data categories
    user_email, user_name, payment_data
    Region
    United States
    Transfer mechanism
    EU Standard Contractual Clauses (2021/914 Module 2)
    References
    WebsiteDPA
  4. Twilio Inc. (SendGrid)

    Added 2026-01-01

    Transactional email delivery (auth, alerts, billing receipts).

    Data categories
    user_email, support_correspondence
    Region
    United States
    Transfer mechanism
    EU Standard Contractual Clauses (2021/914 Module 2)
    References
    WebsiteDPA
  5. Functional Software, Inc. (Sentry)

    Added 2026-01-01

    Application error monitoring + performance telemetry.

    Allowlist PII scrubber in app.core.observability removes secrets pre-send.

    Data categories
    error_telemetry, browser_telemetry, ip_address
    Region
    United States
    Transfer mechanism
    EU Standard Contractual Clauses (2021/914 Module 2)
    References
    WebsiteDPA
  6. Cloudflare, Inc.

    Added 2026-01-01

    Edge CDN, WAF, tunnel ingress to NAS-hosted origin.

    Data categories
    ip_address, browser_telemetry
    Region
    Global CDN
    Transfer mechanism
    EU Standard Contractual Clauses (2021/914 Module 2)
    References
    WebsiteDPA
  7. Finnhub Stock API (Tunsoft Inc.)

    Added 2026-01-01

    News + earnings + fundamentals market data.

    Outbound-only; no PII transferred.

    Data categories
    market_data
    Region
    United States
    Transfer mechanism
    Not applicable (public market data, outbound only)
    References
    WebsiteDPA not yet executed
  8. MarketAux SAS

    Added 2026-01-01

    News articles + sentiment scoring for ticker pages.

    Outbound-only; no PII transferred.

    Data categories
    market_data
    Region
    European Union
    Transfer mechanism
    EU adequacy decision
    References
    WebsiteDPA not yet executed
  9. Yahoo Finance (Verizon Media)

    Added 2026-01-01

    Historical price + corporate-action backstop via yfinance proxy.

    Public market data only; no user data leaves our infra.

    Data categories
    market_data
    Region
    United States
    Transfer mechanism
    Not applicable (public market data, outbound only)
    References
    WebsiteDPA not yet executed
  10. Backblaze, Inc.

    Added 2026-04-26

    Off-site encrypted backup storage (B2) for Postgres dumps.

    Backups are client-side AES-256 GPG encrypted; B2 only stores ciphertext.

    Data categories
    trade_records, user_email, user_name
    Region
    United States
    Transfer mechanism
    EU Standard Contractual Clauses (2021/914 Module 2)
    References
    WebsiteDPA
Footer Disclaimer BlitzPulse is educational decision support only. Not investment, tax, or legal advice. Not a broker. Trade at your own risk.