Legal
Sub-processors
Complete list of third-party vendors processing data on behalf of QuantumScan. Updated whenever a sub-processor is added or removed.
ℹ️DORA/NIS2 note: as a compliance tool, we are fully auditable. If you need this document as a PDF for your vendor review, email . dpa@quantumscan.io
Infrastructure
| Vendor | Purpose |
|---|---|
| Vercel Inc. | Application hosting and serverless functions |
| Neon Inc. | Serverless PostgreSQL database |
| Cloudflare Inc. | DNS, email routing, CDN |
Authentication & identity
| Vendor | Purpose |
|---|---|
| Clerk Inc. | Authentication, user and organization management |
| Google LLC | OAuth 2.0 sign-in (optional) |
Communication
| Vendor | Purpose |
|---|---|
| Resend Inc. | Transactional emails (welcome, scan result, alerts) |
Artificial intelligence
| Vendor | Purpose |
|---|---|
| Anthropic PBC | Finding analysis and PQC migration guide generation (default) |
| OpenAI LLC | Alternative AI via BYOK (only if user provides their own key) |
| Google LLC (Gemini) | Alternative AI via BYOK (only if user provides their own key) |
Analytics & monitoring
| Vendor | Purpose |
|---|---|
| PostHog Inc. | Product analytics (aggregated usage events) |
| Sentry Inc. | Error and exception tracking |
Source code (scanning)
| Vendor | Purpose |
|---|---|
| GitHub Inc. (Microsoft) | File reading via REST API (only with user token) |
| GitLab B.V. | File reading via GitLab API (only with user token) |
| Atlassian (Bitbucket) | File reading via Bitbucket API (only with user token) |
Last updated: May 2026 · For change notifications, email dpa@quantumscan.io.