Effective Date: May 26, 2026
Subprocessors
- Company:
- SIGNBONA LLC
- Contact:
- privacy@signbona.com
This Subprocessors page explains the third-party service providers that SIGNBONA LLC (“SignBona,” “we,” “us,” or “our”) uses to provide, operate, secure, monitor, bill, and support SignBona’s websites, applications, electronic signature tools, document workflows, verification pages, and related services (collectively, the “Services”).
A “subprocessor” is a third-party provider that may process personal information or customer data on SignBona’s behalf in order to provide the Services.
This page should be read together with our Privacy Policy, Terms of Service, Electronic Record and Signature Disclosure, and Trust & Security page.
1. Current Subprocessors
| Provider | Purpose | Types of Data Processed | Notes |
|---|---|---|---|
| Supabase | Authentication, database, storage, backend infrastructure | Account information, authentication data, profile settings, documents, templates, signatures, recipients, audit records, consent records, files, storage metadata, system records | Core backend provider for authentication, database, and storage |
| Vercel | Hosting, deployment, application delivery, analytics, speed insights, infrastructure | Website and application requests, IP addresses, device/browser information, performance data, application telemetry, limited usage data | Core hosting and application infrastructure provider |
| Stripe | Checkout, subscriptions, billing, invoices, customer portal, payment webhooks | Account email, customer ID, subscription status, billing metadata, limited payment method metadata, invoices, payment status | SignBona does not store full card numbers on its own servers |
| Resend | Transactional email delivery | Sender and recipient email addresses, email content, signing invitations, one-time passcodes, reminders, completed-document notices, account emails, delivery metadata | Used for operational and transactional emails |
| Sentry | Error monitoring, diagnostics, reliability monitoring | Error logs, stack traces, browser/device details, diagnostic metadata, limited request information | Used to detect and resolve technical issues; configured to reduce unnecessary personal information where feasible |
| DigiCert Timestamp Authority | RFC 3161 timestamping for PDF signing workflows | Timestamping request data, document hash or related cryptographic timestamping data, timestamp response metadata | Used to support timestamp evidence in PDF signing workflows; generally does not receive full document contents |
2. Why SignBona Uses Subprocessors
SignBona uses subprocessors to:
- host and deliver the Services;
- authenticate users;
- store documents, templates, signatures, audit trails, and related records;
- process subscriptions, payments, invoices, and billing events;
- send signing invitations, one-time passcodes, reminders, and completed-document notices;
- monitor errors and improve reliability;
- support PDF signing, timestamping, integrity, and verification workflows;
- protect the security and availability of the Services.
3. Data Shared With Subprocessors
The data shared with each subprocessor depends on the role that provider performs.
For example:
- Supabase may process account data, database records, storage files, documents, signatures, audit trails, and authentication data because it supports core backend infrastructure.
- Stripe may process billing and payment-related data because it provides checkout, subscription, and billing services.
- Resend may process email addresses and message content because it sends transactional emails.
- DigiCert Timestamp Authority generally receives timestamping request data, such as cryptographic hashes, rather than full document contents.
SignBona does not authorize subprocessors to use customer data for their own unrelated purposes.
4. Changes to Subprocessors
SignBona may add, replace, or remove subprocessors as the Services evolve.
We may update this page when we make material changes to our subprocessors. If a change materially affects how personal information is processed, we may provide additional notice through the Services, by email, through account notices, or by another reasonable method.
Your continued use of the Services after an updated Subprocessors page becomes effective means you acknowledge the updated subprocessor list.
5. Security and Contractual Safeguards
SignBona uses service providers that support the operation, security, reliability, and functionality of the Services. Where appropriate, SignBona seeks to use providers with security, privacy, and operational controls suitable for the functions they perform.
Provider security and compliance commitments do not automatically mean that every customer document, workflow, industry, or use case is legally compliant. You are responsible for determining whether the Services are suitable for your specific legal, regulatory, security, and business requirements.
6. International Processing
SignBona is currently intended for users and transactions in the United States. Some subprocessors may process or store data in the United States or other locations according to their infrastructure, policies, and service terms.
If SignBona materially changes its international scope, we may update our Privacy Policy, Terms of Service, and this Subprocessors page.
7. Contact
For questions about subprocessors or privacy practices, contact:
SIGNBONA LLC
- Privacy: privacy@signbona.com
- Legal: legal@signbona.com
- Security: security@signbona.com
- Support: support@signbona.com
8. Spanish Translation Notice
SignBona may provide Spanish translations of this Subprocessors page for convenience. The English version is the official version. If there is any conflict between the English version and a translated version, the English version controls to the fullest extent permitted by law.