Legal
Subprocessor List
This page enumerates the third-party services Plaintiff Zero engages to deliver the Service, categorized by whether they touch the substantive content of user prompts, AI Output, and uploaded documents (“content subprocessors”) or only operational metadata such as account, billing, authentication, hosting, and telemetry (“operational subprocessors”). For the architectural commitments backing the content-subprocessor row, see Section 5.5 of our Terms of Use.
Content Subprocessors
Private Mode (Sovereign Shield) and BYOS: zero. No third-party service receives, processes, or has technical access to user-submitted prompts, AI Output, or uploaded documents. In Private Mode, content is processed inside hardware-isolated Trusted Execution Environments operated by Plaintiff Zero alone. In BYOS, content is processed in the customer’s browser using the customer’s own AI-provider contract; Plaintiff Zero is structurally excluded from the inference path.
Public Mode: the AI provider you select. Public Mode is not privilege-safe (see Privacy Policy, Section 4). When you select Public Mode you choose an AI provider (such as Anthropic, OpenAI, or Google) and that provider receives your prompts and returns AI Output under that provider’s own terms of service. You are choosing the recipient; Plaintiff Zero orchestrates the request but does not negotiate the terms of that downstream relationship on your behalf.
Operational Subprocessors
The following operational subprocessors handle account, billing, authentication, hosting, error telemetry, and similar non-content functions. Each is bound by a data-processing agreement that prohibits access to the content of user prompts, AI Output, or uploaded documents. Each operates only on the data category indicated.
| Subprocessor | Role | Data Category | Processing Region |
|---|---|---|---|
| Stripe | Payment processing | Billing and payment metadata. No user-submitted prompts, AI Output, or uploaded documents. | United States |
| Clerk | Authentication and identity | Account credentials, session metadata, authentication logs. No user-submitted prompts, AI Output, or uploaded documents. | United States |
| Convex | Application database (account, billing, project metadata) | Account profile, project metadata, billing records, and User Content created or uploaded in Public Mode. No Private Mode or BYOS inference content. | United States |
| Vercel | Application hosting and edge delivery | Request routing, static asset delivery. No persistent storage of user-submitted prompts, AI Output, or uploaded documents. | Multi-region (per Vercel deployment) |
| Sentry | Error telemetry and observability | Application error reports and stack traces. Configured to exclude user-submitted content from captured fields. | United States |
| Resend | Transactional email delivery | Account email addresses and the bodies of transactional messages we send to those addresses. No user-submitted prompts, AI Output, or uploaded documents. | United States |
Operational utilities and analytics. Beyond the subprocessors listed above, Plaintiff Zero uses Google Analytics 4 for aggregate web analytics (no user-submitted content; Do Not Track honored — see Privacy Policy, Section 11) and may engage similar lightweight observability or marketing tooling from time to time on a category-equivalent basis. If you require a complete, deployment-specific subprocessor audit for procurement or compliance purposes, contact legal@plaintiffzero.com with the subject line “Subprocessor Audit Request.”
Change Notification
Plaintiff Zero will provide at least sixty (60) days’ written notice before adding, replacing, or expanding the role of any subprocessor on this page. During the notice period, the customer may terminate the agreement without penalty. Notice will be sent to the email address on file and posted on this page with a dated changelog entry. Business customers may also subscribe to subprocessor change notifications by emailing legal@plaintiffzero.com with the subject line “Subprocessor Change Subscription.”
Why This Page Exists
The architectural commitments described in Section 5.5 of our Terms of Use are only as strong as the visibility behind them. Publishing the operational subprocessor list, and explicitly stating that the content subprocessor list is empty for Private Mode and BYOS, lets a customer verify our architectural posture against the relevant test under United States v. Heppner, No. 25 Cr. 503 (JSR), slip op. (S.D.N.Y. Feb. 17, 2026): whether any third party has the technical capability to access privileged communications. The answer for Private Mode and BYOS is no. This page documents that.
Contact
Questions about this page or about specific subprocessor arrangements: legal@plaintiffzero.com.