Renewly is a dual-region service. You choose your region at signup, and your contracts, account data, and audit logs stay in that region for the life of the workspace. This page is the canonical map of the sub-processors that handle your data and of the two extraction stages that today run cross-region.
## EU or US, set at signup, immutable from the UI

- **EU**: Your contracts and account data are stored in the EU on Supabase eu-central-1 (AWS Frankfurt). Contract data extraction runs in-region via Google Vertex europe-west1.
- **US**: Your contracts and account data are stored in the United States on Supabase us-east-1 (AWS N. Virginia). Contract data extraction runs in-region via Google Vertex us-east5.
Region is set at signup time and cannot be changed from the in-app settings UI. To migrate a workspace between regions, contact support; our operations team runs the cutover process.
## Two extraction stages, both with a per-org opt-out
PDF text extraction is performed by our sub-processor Reducto. Data handling is governed by our agreement with Reducto; a per-org opt-out is available on request.
The validation pass runs via Anthropic Direct API for both EU and US customers. Anthropic operates under zero data retention for API traffic and does not use API data for model training, per Anthropic API terms. A per-org opt-out is available; an in-region migration is planned.
If your compliance program requires that both of these stages stay in-region as well, contact support and we'll enable the opt-out flag on your workspace. The affected stages are then skipped: extractions still run, on the primary in-region pass alone, with slightly lower accuracy. A single per-org flag gates both stages; there is no per-stage opt-out.
## Who processes your contract data
| Provider | Purpose | Data shared | Residency |
|---|---|---|---|
| Supabase | Database, file storage, authentication | Account data, contracts, extracted metadata, uploaded files | Customer-selected region: EU eu-central-1 (AWS Frankfurt) or US us-east-1 (AWS N. Virginia) |
| Vercel | Application hosting | Request logs, IP addresses | Single-instance; operational logs may transit regions Vercel operates in. |
| Stripe | Payment processing | Email, billing details (no contract data) | Global. Stripe handles payments under PCI Level 1. |
| Resend | Email notifications | Email address, notification content | US-based GDPR-compliant email service. |
| Reducto (opt-out available) | PDF text extraction (pre-LLM stage) | PDF text only; no account data or identifiers. | Sub-processor; data handling per our agreement with Reducto. Per-org opt-out available on request. |
| Google Vertex (Gemini) | Structured field extraction (primary LLM) | Parsed contract text only | Runs in-region: Vertex europe-west1 for EU customers, Vertex us-east5 for US customers. Zero retention and no model training on data, per Google Vertex terms. |
| Anthropic (Claude) (opt-out available) | Cross-check / validation pass (secondary LLM) | Parsed contract text only | Runs via Anthropic Direct API for both EU and US customers. Zero retention and no model training on API data, per Anthropic API terms. Per-org opt-out available; in-region migration planned. |
| Crisp | Live chat support | Email address, chat messages | Single-instance. |
## The operational shadow you should know about

Your contract data lives in your selected region. A small number of infrastructure vendors that we use for hosting, error reporting, job orchestration, and rate limiting are single-instance services. Their operational logs (request metadata, IDs, region tags) may transit outside your primary region even though contract content itself does not: contract content is never written to these logs.
| Vendor | Purpose | Data shared | Posture |
|---|---|---|---|
| Sentry | Error and exception tracking | Stack traces and error context (PII redacted before logging) | Single-instance; events may transit outside the customer's primary region. |
| Inngest | Background job orchestration | Job payloads (region tag, IDs); contract content is not logged. | Single-instance worker plane; the `region` field on payloads is honoured so jobs run against the correct project. |
| Upstash Redis | Rate limiting | Counter keys (org/user identifiers) and counts; no contract content. | Per-region keys; the service itself is single-instance. |
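To make the two routing rules above concrete, here is an added example (not Renewly's code) of a fail-closed extraction planner: the job payload's `region` tag is checked against the org record rather than trusted, the in-region Vertex location is chosen from the org's region, and the single per-org opt-out flag removes both cross-region stages. The flag name `extractionOptOut`, the org and payload shapes, and the stage names are assumptions for illustration.

```typescript
// Added example, not Renewly's own code. Field names below are assumed.
type Region = "eu" | "us";

interface Org {
  id: string;
  region: Region;             // set at signup, immutable from the UI
  extractionOptOut: boolean;  // single per-org flag gating both cross-region stages
}

interface JobPayload {
  orgId: string;
  region: string;             // Inngest payload tag; untrusted until checked against the org
}

interface Stage {
  name: "reducto-text" | "vertex-primary" | "anthropic-validation";
  provider: string;
  inRegion: boolean;
}

// In-region Vertex locations as stated on the page.
const VERTEX_LOCATION: Record<Region, string> = {
  eu: "europe-west1",
  us: "us-east5",
};

function planExtraction(org: Org, payload: JobPayload): Stage[] {
  // Fail closed: never route a mismatched or unknown region by defaulting to one side.
  if (payload.orgId !== org.id || payload.region !== org.region) {
    throw new Error(`region mismatch for org ${org.id}: payload=${payload.region}`);
  }
  const stages: Stage[] = [];
  if (!org.extractionOptOut) {
    stages.push({ name: "reducto-text", provider: "Reducto", inRegion: false });
  }
  // The primary pass always runs, and always in the org's own region.
  stages.push({
    name: "vertex-primary",
    provider: `Google Vertex ${VERTEX_LOCATION[org.region]}`,
    inRegion: true,
  });
  if (!org.extractionOptOut) {
    stages.push({ name: "anthropic-validation", provider: "Anthropic Direct API", inRegion: false });
  }
  return stages;
}

// Invariant an opted-out workspace can assert on every plan: nothing leaves the region.
function staysInRegion(stages: Stage[]): boolean {
  return stages.every((s) => s.inRegion);
}
```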
## Per-provider attribution

### Vercel + Supabase: SOC 2 Type II
Our hosting providers (Supabase and Vercel) hold SOC 2 Type II certification. Renewly itself is not in audit scope; the certifications belong to our infrastructure vendors.
### Supabase: ISO/IEC 27001:2022
Supabase is certified to ISO/IEC 27001:2022 across its full information security management system. Renewly itself is not in audit scope.
### Compliant (GDPR; California privacy rights)
Renewly is GDPR compliant. EU and EEA users have full rights to access, correct, delete, and export their personal data. We have a signed DPA with Supabase.
California residents have the right to know, access, and delete their personal information. We do not sell personal data.
### PCI Level 1
Payments are processed by Stripe under PCI Level 1.
We have a signed DPA with Supabase. A Renewly DPA is available on request for customers that require one: contact security@renewly.gg.
For data transfers out of the EEA (and the UK), Renewly relies on Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable) with the sub-processors listed above.
For the full security posture, see /security. For data-residency questions in plain language, see the help article.