Trust Center

Sub-processors registry.

Every third party Bridger relies on to operate the Service, what data they process, where their infrastructure runs, and the DPA that governs each relationship. Updates published here at least 30 days before they take effect (per the DPA).

Last updated 2026-05-09
§01 · Infrastructure

Where the platform actually runs.

Vercel, Inc. — application hosting & edge network.

Live

Data: All Bridger application traffic, computed pages, edge cache. Region: US East primary, multi-region edge. DPA: Vercel Enterprise DPA with EU SCCs. Privacy: vercel.com/legal/privacy-policy.

Neon, Inc. — Postgres database (managed).

Live

Data: All persistent application data — accounts, profiles, pipeline, proposals, messages, intel rows. Region: US East. AES-256 at rest. DPA: Neon DPA with EU SCCs. Privacy: neon.tech/privacy-policy.

§02 · Payments

Money movement.

Stripe, Inc. — subscription billing + Connect Express.

Live

Data: Card / bank metadata for billing; Connect onboarding data for providers and lobbyists; payout instructions. Region: US (Stripe-controlled). PCI-DSS Level 1. DPA: Stripe Services Agreement + DPA with EU SCCs. Privacy: stripe.com/privacy.

§03 · Communication

Email + transactional delivery.

Resend, Inc. — transactional + Brief email delivery.

Live

Data: Email address + body of every transactional and marketing email Bridger sends (verification, password reset, daily Brief, notifications, marketplace alerts). Region: US. DPA: Resend DPA with EU SCCs. Privacy: resend.com/legal/privacy-policy.

§04 · AI inference

LLM provider for proposal-agent + assessments.

Anthropic, PBC — Claude inference under zero data retention.

Live

Data: Prompts and completions for proposal-agent, opportunity summarisation, allied-supplier briefings, and intelligence-engine assessment generation. Pathfinder + Enterprise tiers only. Region: US. Retention: Zero data retention configuration; prompts and completions are not retained by Anthropic for model improvement. DPA: Anthropic Commercial Terms (anthropic.com/legal/commercial-terms).

AI Use Policy
§05 · Observability

Error monitoring + analytics.

Sentry — application error monitoring.

Live

Data: Stack traces, error fingerprints, browser metadata. PII (emails, message bodies, profile content) is scrubbed at the SDK boundary before transmission. Region: US. DPA: Sentry DPA. Privacy: sentry.io/privacy.

Vercel Analytics — anonymous web vitals + page views.

In progress

No PII collected. Aggregated only. Privacy: vercel.com/docs/analytics/privacy-policy.

← Trust Centersecurity.txtPrivacyDPA + SCCs
Email the operator →