This page lists vendors and subprocessors ChangeSentry may use to provide, secure, analyze, bill for, and support the service. Some vendors are always required for the core service; others apply only when optional analytics, AI features, or customer-configured integrations are enabled.
ChangeSentry is operated by ParamountTD LLC, doing business as ChangeSentry. Business customers with DPA, transfer, or vendor-review requirements should email privacy@changesentry.com before relying on this list for production procurement.
Vendor inventory
| Vendor | Purpose | Data processed | Status | Country |
|---|---|---|---|---|
| Supabase | Authentication, database, managed storage, and account data infrastructure. | Account, auth, profile, monitor, change, support, policy, and billing metadata. | Core service provider | United States |
| Stripe | Checkout, subscriptions, invoices, taxes, payment events, and billing support. | Billing contact details, subscription metadata, invoice details, and payment identifiers. | Core billing provider | United States |
| Upstash Redis | Queues, rate limiting, worker coordination, and operational deduplication. | Queue metadata, monitor/check identifiers, notification metadata, and rate-limit keys. | Core infrastructure provider | United States |
| Resend | Transactional email, support replies, notification email, and announcements. | Email addresses, message content, alert content, support replies, and delivery metadata. | Core communications provider | United States |
| Pusher | In-app notifications and realtime product updates. | User/channel identifiers, event metadata, and notification payloads. | Core communications provider | United States / United Kingdom |
| IPinfo | Approximate IP geolocation for login history, security review, and abuse prevention. | IP address and approximate country, region, city, or postal information. | Security and account provider | United States |
| Sentry | Error monitoring, diagnostics, and production issue investigation. | Error events, traces, request metadata, device/browser data, and diagnostic context. | Security and reliability provider | United States |
| PostHog | Product analytics, feature adoption, and event measurement after consent where required. | Product events, pageviews, device data, and identifiers depending on configuration. | Optional analytics provider | United States / EU (region-dependent) |
| Google Analytics | Website traffic and conversion analytics after consent where required. | Pageviews, events, device data, and approximate location/traffic metadata. | Optional analytics provider | United States |
| Hotjar | Experience and performance analytics after consent where required. | Interaction and performance data depending on configuration. | Optional analytics provider | Malta / EU |
| Discord | Customer-configured alert delivery through Discord webhooks. | Webhook URL, monitor metadata, and alert content sent to configured channels. | Customer-enabled integration | United States |
| Telegram | Customer-configured alert delivery through Telegram bots/chats. | Bot token, chat ID, monitor metadata, and alert content sent to configured chats. | Customer-enabled integration | United Arab Emirates / Netherlands |
| OpenRouter | AI-assisted change classification and summaries when configured. | URL, label, page title, monitor intent, diff summaries, and before/after excerpts. | AI provider path | United States |
| Anthropic | AI-assisted change classification and summaries when configured. | URL, label, page title, monitor intent, diff summaries, and before/after excerpts. | AI provider path | United States |
| OpenAI | AI-assisted change classification and summaries when configured. | URL, label, page title, monitor intent, diff summaries, and before/after excerpts. | AI provider path | United States |
| Vercel / Railway | Application hosting, worker hosting, deployments, logs, and service operation. | Application data in transit, logs, traffic metadata, and operational diagnostics. | Hosting infrastructure | United States / Global edge |
Subprocessor updates
ChangeSentry may update this list as the product, vendors, infrastructure, or legal requirements change. We aim to provide at least 30 days' advance notice before adding or replacing a subprocessor that processes personal data. Notice may be given through website updates, product notices, email, or account notices depending on the nature of the change. Business customers with a signed DPA that requires specific authorization for new subprocessors should email privacy@changesentry.com to register their objection process.
Customer responsibility
Customers remain responsible for confirming they have rights and lawful authority to monitor configured pages and send alert content to customer-enabled destinations such as Discord or Telegram. Do not configure monitors or integrations that send secrets, regulated data, or unauthorized third-party content unless you have proper authority.
Contact
For vendor review, subprocessor questions, or DPA requests, email privacy@changesentry.com or use the contact page.