bluefield
Sub-processorstrust

Sub-processors

Last updated June 2026

To operate the Bluefield API we rely on the third-party services below. We list each one, what it does, roughly where it runs, and what it processes. Several of these only ever see the target URL you ask us to fetch — never your account details.

Bluefield sub-processors with purpose, location, and data processed
Sub-processorPurposeLocationData processed
Fly.ioAPI and worker compute (hosting)United States (us-east)Submitted URLs, request metadata, and account identifiers at runtime
NeonManaged Postgres databaseUnited StatesAccount records, subscriptions, usage and credit ledger, hashed API keys
Cloudflare R2Object storageUnited StatesStored watch-mode captures, snapshots, and screenshots
AWS KMSCustody of the attestation signing keyUnited States (us-east-1)No customer content — holds the private signing key only
InngestBackground job orchestration and webhook deliveryUnited StatesJob payloads (target URLs) and webhook delivery metadata
StripePayments and billingUnited StatesBilling contact and subscription state; card data is held by Stripe, not by us
AnthropicLLM-based structured extractionUnited StatesPage content you submit when you use structured extraction
ResendTransactional emailUnited StatesYour email address for account and notification emails
Bright DataUnlocker / stealth proxy egress (anti-bot tier)Global egressThe target URL you ask us to fetch; no account PII
IPRoyalResidential proxy egress (browser tier)Global egressThe target URL you ask us to fetch; no account PII
VercelMarketing site and dashboard hostingGlobal edge / United StatesSign-in flow and basic site analytics

We may add or change sub-processors as the product evolves. Enterprise customers can request advance notice of material changes as part of a data processing agreement. Questions? Email privacy@bluefields-data.com.

Locations are indicative of where processing primarily occurs and are not a guarantee of exclusive residency. This page is not legal advice.