Subprocessor List
Last updated: April 24, 2026
To deliver DOVA Manufacturing, we use a small number of trusted third-party service providers ("subprocessors"). Each one has its own security posture and privacy commitments, reviewed before we onboarded them.
If we add, remove, or change a subprocessor, we update this page and change the date at the top. Enterprise customers under a signed Data Processing Agreement also receive 30 days' advance notice by email.
Current subprocessors
| Provider | Purpose | Data categories | Location |
|---|---|---|---|
| Supabase | Managed PostgreSQL database and authentication | Account data, production records, user credentials (hashed) | United States (AWS) |
| Vercel | Application hosting, deployment, and edge network | HTTP request metadata, deployment logs | United States / global edge |
| Stripe | Payment processing and billing | Billing contact, payment method, invoice history | United States / global |
| Resend | Transactional email delivery | Recipient email addresses, email content, delivery logs | United States |
| Microsoft Azure Active Directory | Single Sign-On (SSO / SAML), when enabled by the customer | Email address, name, SSO tokens | United States / customer-selected region |
How to request advance notification
Enterprise customers under a Data Processing Agreement automatically receive 30 days' notice when we intend to add a new subprocessor. To request a signed DPA or to subscribe to subprocessor updates, email legal@dovamfg.com.
For the countersigned enterprise version of this document, or to ask a legal question, email legal@dovamfg.com. We respond within two business days.