Last updated: April 24, 2026
Cloudine (operated by Laburan Inc.) uses the following sub-processors to deliver the service. These companies may process personal data on our behalf. We have entered into data processing agreements with each where applicable.
For Japanese users: in accordance with Japan's APPI, this page constitutes the required disclosure of cross-border data transfers. By signing up, you provide the consent required under APPI Article 24 for personal data to be transferred to the countries listed below.
| Sub-processor | Country | Purpose | Data processed | Protective measures |
|---|---|---|---|---|
| Supabase (Aruba PEC) | Singapore (SG) | Database, Auth, File Storage | All customer data (accounts, resources, metrics, reports) | TLS in transit, AES-256 at rest, access controls, SOC 2 Type II, ISO 27001 |
| Vercel | United States (US) / EU / SG | Application hosting and edge compute | Request logs, deployment metadata, server-side rendered page content | TLS in transit, SOC 2 Type II, GDPR DPA on request |
| Anthropic (Claude API) | United States (US) | AI daily summary generation | Anonymized resource summaries sent as prompts (no PII beyond account name) | TLS in transit, data not used to train models (API use), zero data retention option |
| Resend | United States (US) | Transactional email delivery (alert emails) | Recipient email addresses, email subject and body | TLS in transit, SOC 2 Type II |
| Slack Technologies | United States (US) | Slack alert webhook delivery (when configured by user) | Slack webhook URL (configured by user), alert message content | TLS in transit, SOC 2 Type II |
| Cloudflare | Global (HQ: United States) | DNS, CDN | Request metadata (IP, URL path) — no application data | ISO 27001, SOC 2 Type II, GDPR DPA |
We will notify customers by email at least 30 days before adding a new sub-processor. To object to a sub-processor, contact privacy@cloudine.tech.