Sub-Processors
BTC.email uses the following third-party service providers (sub-processors) to operate our service. This page provides transparency about who processes your data, what data they process, and why.
Last updated: December 8, 2025
Overview
We carefully select sub-processors that meet our security and privacy standards. Each sub-processor is contractually obligated to protect your data and use it only for the purposes we specify. We regularly review our sub-processors to ensure they maintain appropriate security practices.
| Provider | Category | Purpose | Location |
|---|---|---|---|
| Supabase | Infrastructure | Database, Authentication, and Storage | United States |
| Vercel | Infrastructure | Web Hosting and Deployment | United States (Global Edge Network) |
| Resend | | Transactional Email Delivery | United States |
| Voltage | Payments | Lightning Network Infrastructure | United States |
| Google | Authentication | OAuth Authentication Provider | United States (Global) |
| Microsoft | Authentication | OAuth Authentication Provider | United States (Global) |
Infrastructure
Supabase provides our PostgreSQL database infrastructure, user authentication services, and file storage. All user data, account settings, and payment records are stored in Supabase. We use row-level security policies to ensure users can only access their own data. Supabase encrypts data at rest and in transit.
Data Processed
- User account information (email, username, profile data)
- Authentication credentials and session tokens
- Email settings (whitelist, blocklist, pricing preferences)
- Payment records and transaction history
- Security audit logs
Vercel hosts and deploys our web application. When you access BTC.email, your requests are routed through Vercel's global edge network. Vercel processes standard web server logs including IP addresses and user agent strings for security and performance optimization. We use Vercel's built-in DDoS protection and SSL/TLS encryption.
Data Processed
- HTTP request logs (IP addresses, user agents, URLs)
- Performance metrics and error logs
- Edge function execution data
Resend handles the delivery of outbound emails from BTC.email addresses. When you send an email through our service, Resend processes the email content to deliver it to the recipient's mail server. Resend maintains delivery logs and handles bounce processing. We use Resend's API to send transactional emails including account notifications and payment receipts.
Data Processed
- Outbound email content (subject, body, attachments)
- Sender and recipient email addresses
- Email delivery status and timestamps
- Email engagement metrics (delivery, bounces)
Payments
Voltage provides our Lightning Network node infrastructure. When you make a Lightning payment to BTC.email, your payment is processed through our Voltage-hosted LND node. Payment data including invoices, preimages, and settlement information passes through Voltage's infrastructure. Lightning payments are pseudonymous and do not contain personally identifiable information beyond payment amounts and timestamps.
Data Processed
- Lightning Network invoices (payment hashes, amounts, expiry)
- Payment preimages (proof of payment)
- Channel state and routing information
- Node connection data
Authentication
Google provides OAuth authentication allowing users to sign in with their Google account. When you choose to sign in with Google, we receive basic profile information (name, email) and OAuth tokens. If you connect your Gmail account to BTC.email, we use the Gmail API to access your email on your behalf. Google's authentication services are subject to Google's Privacy Policy and Terms of Service.
Data Processed
- OAuth access tokens and refresh tokens
- Google account profile information (name, email, profile picture)
- Gmail API access for connected email accounts
Microsoft provides OAuth authentication allowing users to sign in with their Microsoft account. When you choose to sign in with Microsoft, we receive basic profile information (name, email) and OAuth tokens. If you connect your Outlook account to BTC.email, we use the Microsoft Graph API to access your email on your behalf. Microsoft's authentication services are subject to Microsoft's Privacy Statement.
Data Processed
- OAuth access tokens and refresh tokens
- Microsoft account profile information (name, email)
- Outlook API access for connected email accounts
Data Transfer Mechanisms
Our sub-processors are primarily located in the United States. For users in the European Economic Area (EEA), United Kingdom, or other jurisdictions with data transfer restrictions, data transfers to these sub-processors are conducted in compliance with applicable data protection laws through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Agreements (DPAs) with each sub-processor
- Supplementary measures including encryption and access controls where appropriate
Changes to Sub-Processors
We may update this list of sub-processors from time to time. When we add a new sub-processor that processes personal data, we will update this page. For material changes that significantly affect how your data is processed, we will provide notice through our Service or via email.
Questions
If you have questions about our sub-processors or how your data is processed, please contact us at privacy@btc.email.