Supabase
Privacy policy- Purpose:
- Database, Authentication, and Storage
- Data handled:
- Account credentials (hashed), all household financial data, session tokens, row-level security policies.
- Location:
- United States (AWS us-east-1)
Legal
Subprocessors
Last updated: April 10, 2026 · FieldSphere Technologies LLC
RealiPlan uses the following third-party services (“subprocessors”) to process personal data on our behalf. Each subprocessor is contractually obligated to protect personal data and use it only to provide services to RealiPlan.
We will provide at least 30 days' notice before adding a new subprocessor or materially changing how an existing subprocessor handles personal data. If you have an active subscription and object to a new subprocessor, you may terminate your subscription and request a prorated refund for any unused period.
This list supplements the “Third-Party Services” section of our Privacy Policy. For questions about a specific subprocessor or to report a concern, email privacy@realiplan.com.
Amazon Web Services (AWS)
Privacy policy- Purpose:
- Underlying cloud infrastructure for Supabase
- Data handled:
- Same data as Supabase, hosted on AWS-managed infrastructure. RealiPlan has no direct AWS account; the relationship is mediated by Supabase.
- Location:
- United States
Vercel
Privacy policy- Purpose:
- Hosting and CDN for realiplan.com and app.realiplan.com
- Data handled:
- HTTP request metadata (IP, user-agent, referrer), edge cache, build logs.
- Location:
- United States (global edge network)
Stripe
Privacy policy- Purpose:
- Subscription billing and payment processing
- Data handled:
- Customer email, subscription plan, tokenized payment method, invoice history. RealiPlan never sees full card details.
- Location:
- United States
Anthropic
Privacy policy- Purpose:
- AI budget recommendations (Claude)
- Data handled:
- Relevant portions of household financial data, sent only when the user explicitly requests an AI recommendation. Per Anthropic's standard API terms, data is not used to train Anthropic's models by default.
- Location:
- United States
Resend
Privacy policy- Purpose:
- Transactional email delivery
- Data handled:
- Recipient email address and the contents of transactional messages (confirmations, password resets, coach invitations, billing receipts).
- Location:
- United States
Sentry
Privacy policy- Purpose:
- Error monitoring and performance tracing
- Data handled:
- Anonymized stack traces, request paths, user agent, and a hashed user id. PII is scrubbed before transmission where possible.
- Location:
- United States
Google Analytics 4
Privacy policy- Purpose:
- Aggregate marketing and usage analytics
- Data handled:
- Page views, approximate location (country/region), device type, referrer. IP addresses anonymized. Loaded only after explicit user consent via Google Consent Mode v2.
- Location:
- United States and EU