OL
OwnerLens
Transparency

Third-Party Service Providers

Subprocessors and Services That Handle Your Data

Last Updated: November 18, 2025

OwnerLens uses carefully selected third-party service providers (subprocessors) to deliver our Services. These providers help us with infrastructure, AI processing, payments, and analytics. We ensure all providers meet our security and privacy standards.

Core Infrastructure

Supabase

Database & Backend Infrastructure

Essential

What they do: Hosts our database, authentication system, and backend APIs

Data processed: All user data, property data, documents, and account information

Location: United States (AWS us-east-1)

Security: SOC 2 Type II certified, GDPR compliant

Website: supabase.com

Vercel

Web Hosting & CDN

Essential

What they do: Hosts our website and web application

Data processed: Web traffic, user sessions, browser metadata

Location: Global CDN with primary servers in United States

Security: SOC 2 Type II certified, GDPR compliant

Website: vercel.com

AI & Document Processing

OpenAI

AI Models & Document Parsing

Essential

What they do: Powers our AI document parsing (OCR, NLP) and AI Copilot features

Data processed: Uploaded documents (leases, statements), user queries to AI Copilot

Location: United States

Security: SOC 2 Type II certified, enterprise-grade encryption

Data retention: OpenAI does not store API data beyond 30 days (per their API policy)

Website: openai.com

Payment Processing

Stripe

Payment Processing & Billing

Essential (Paid Plans)

What they do: Processes credit card payments and manages subscriptions

Data processed: Payment card details, billing address, transaction history

Location: United States (global operations)

Security: PCI-DSS Level 1 certified (highest security standard for payment processors)

Note: OwnerLens never stores credit card details—all payment data is handled directly by Stripe

Website: stripe.com

Banking & Financial Integrations

Plaid

Bank Account Connections (Coming Soon)

Optional (Future)

What they do: Securely connects your bank accounts to OwnerLens for transaction sync

Data processed: Bank account balances, transactions, account details

Location: United States

Security: SOC 2 Type II certified, bank-level encryption

Status: Planned for public launch (March 2026)

Website: plaid.com

Analytics & Performance

Google Analytics

Usage Analytics

Optional

What they do: Tracks how users interact with OwnerLens to improve user experience

Data processed: Page views, clicks, session duration, browser type, general location (city-level)

Location: United States (global operations)

Privacy: IP addresses are anonymized, you can opt-out via cookie settings

Website: analytics.google.com

How We Protect Your Data

  • Data Processing Agreements (DPAs): We have signed DPAs with all critical subprocessors (Supabase, OpenAI, Stripe)
  • Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Access Controls: Subprocessors only access data necessary for their specific function
  • GDPR Compliance: All essential subprocessors are GDPR compliant and use Standard Contractual Clauses (SCCs) for international data transfers
  • Regular Audits: We review subprocessor security practices annually

Updates to This List

We may add, remove, or replace subprocessors as our Services evolve. We will update this page when changes occur and notify users via email for material changes affecting data processing.

Last updated: November 18, 2025

Questions About Our Subprocessors?

If you have questions about how our subprocessors handle your data, contact us:

Email: privacy@ownerlens.com

Privacy Policy: ownerlens.com/privacy