Last updated: 1 June 2026
Levvr uses the following sub-processors to deliver the service. Each has been assessed against Australian Privacy Principle 8 cross-border disclosure requirements. Where personal data is transferred outside Australia, we rely on contractual protections (including data processing agreements) with each sub-processor.
| Service | Purpose | Data categories | Location / certifications | Privacy docs |
|---|---|---|---|---|
| Supabase | Database hosting (PostgreSQL) and file storage | All user data, payroll records, documents, file attachments | USA (SOC 2 Type II; AU data residency available on request) | Privacy policy |
| Clerk | Authentication and identity management | Email, name, organisation membership, session tokens | USA (SOC 2 Type II) | Privacy policy |
| Anthropic | AI document generation (narrative contextualisation) | Job descriptions, hazard descriptions, site addresses submitted for document generation | USA | Privacy policy |
| Stripe | Payment processing and subscription billing | Billing name, email address, payment method details | USA (PCI DSS Level 1) | Privacy policy |
| Sentry | Application error monitoring | Stack traces, sanitised request context, user ID | USA | Privacy policy |
| Resend | Transactional email delivery | Recipient email address, name, email content (sign-off links, invitations) | USA | Privacy policy |
| Twilio | SMS notifications | Mobile number, SMS content (sign-off links) | USA | Privacy policy |
| Vercel | Application hosting and edge delivery | HTTP request headers, IP addresses, response data | USA / global edge network | Privacy policy |
To request a change to this list, ask about a specific sub-processor, or raise a concern about cross-border data transfers, contact privacy@levvr.com.au.