Sub-processors
Third-party services that process customer data on behalf of BlitzPulse. Updated 2026-06-21.
Per GDPR Art. 28(2) and our standard Privacy Policy, we maintain the list below of sub-processors used to deliver the BlitzPulse service. Customers on a Data Processing Agreement (DPA) will receive at least 30 days' notice before any new sub-processor is added; if you object, you may terminate the affected service per the DPA termination clause.
Subscribe below to receive these change notices by email. You can also email [email protected] directly if you prefer.
Charles Schwab & Co., Inc.
Added 2026-01-01Brokerage execution, market data, and OAuth-linked account access for users who connect a Schwab account.
User-controlled OAuth flow; we never see their Schwab password.
- Data categories
- broker_credentials, broker_account_data, trade_records
- Region
- United States
- Transfer mechanism
- User-controlled OAuth (no portal-side credential transfer)
- References
- WebsiteDPA not yet executed
Passiv Inc. (SnapTrade)
Added 2026-06-21User-directed broker account linking for supported mediated brokers such as Robinhood, Fidelity, Webull, M1 Finance, and Interactive Brokers (IBKR).
Admin-visible provider for mediated broker connections; not presented as a broker brand. Disabled by default; activated per-tenant by admin. DPA not yet executed.
- Data categories
- broker_credentials, broker_account_data
- Region
- United States
- Transfer mechanism
- User-controlled OAuth (no portal-side credential transfer)
- References
- WebsiteDPA not yet executed
Stripe, Inc.
Added 2026-01-01Subscription billing, payment processing, customer portal.
- Data categories
- user_email, user_name, payment_data
- Region
- United States
- Transfer mechanism
- EU Standard Contractual Clauses (2021/914 Module 2)
Twilio Inc. (SendGrid)
Added 2026-01-01Transactional email delivery (auth, alerts, billing receipts).
- Data categories
- user_email, support_correspondence
- Region
- United States
- Transfer mechanism
- EU Standard Contractual Clauses (2021/914 Module 2)
Functional Software, Inc. (Sentry)
Added 2026-01-01Application error monitoring + performance telemetry.
Allowlist PII scrubber in app.core.observability removes secrets pre-send.
- Data categories
- error_telemetry, browser_telemetry, ip_address
- Region
- United States
- Transfer mechanism
- EU Standard Contractual Clauses (2021/914 Module 2)
Cloudflare, Inc.
Added 2026-01-01Edge CDN, WAF, tunnel ingress to NAS-hosted origin.
- Data categories
- ip_address, browser_telemetry
- Region
- Global CDN
- Transfer mechanism
- EU Standard Contractual Clauses (2021/914 Module 2)
Finnhub Stock API (Tunsoft Inc.)
Added 2026-01-01News + earnings + fundamentals market data.
Outbound-only; no PII transferred.
- Data categories
- market_data
- Region
- United States
- Transfer mechanism
- Not applicable (public market data, outbound only)
- References
- WebsiteDPA not yet executed
MarketAux SAS
Added 2026-01-01News articles + sentiment scoring for ticker pages.
Outbound-only; no PII transferred.
- Data categories
- market_data
- Region
- European Union
- Transfer mechanism
- EU adequacy decision
- References
- WebsiteDPA not yet executed
Yahoo Finance (Verizon Media)
Added 2026-01-01Historical price + corporate-action backstop via yfinance proxy.
Public market data only; no user data leaves our infra.
- Data categories
- market_data
- Region
- United States
- Transfer mechanism
- Not applicable (public market data, outbound only)
- References
- WebsiteDPA not yet executed
Backblaze, Inc.
Added 2026-04-26Off-site encrypted backup storage (B2) for Postgres dumps.
Backups are client-side AES-256 GPG encrypted; B2 only stores ciphertext.
- Data categories
- trade_records, user_email, user_name
- Region
- United States
- Transfer mechanism
- EU Standard Contractual Clauses (2021/914 Module 2)