// public sandbox · real alchemy ingestion · model v0.5.0-gov-expanded · status
SYBILSHIELD

// legal

Sub-processors

Third-party services we use to operate SybilShield. Each is bound by a written DPA. Subscribe to change notifications (30-day advance notice).

vendorpurposedataregiondpa
VercelFrontend hostingHTTP logs, IPUSA · global edgeDPA
RailwayAPI + worker hostingApp data, logsUSA (us-west-2)DPA
SupabaseManaged PostgresAll customer recordsEU (Frankfurt)DPA
UpstashManaged Redis (queue)Job payloadsEU (Frankfurt)DPA
CloudflareCDN, DNS, WAFRequest metadataGlobal edgeDPA
AlchemyRPC providerPublic on-chain queriesUSADPA
PostmarkTransactional emailEmail addr, subjectUSADPA
GitGuardianSecret leak scanningPublic repo contentEU (France)DPA
PostHogProduct analyticsPseudonymous eventsEU (Germany)DPA
SentryError trackingStack traces, hashUSADPA

Data residency summary

PRIMARY

Customer records — EU (Frankfurt). Supabase + Upstash.

EDGE

Static assets + DNS — global edge. No customer PII.

BILLING

None. SybilShield is a free public good — no payment processors, no billing data.