IncorpAssist

Subprocessors & Third-Party Services

Last updated: 2 May 2026

This page lists every third-party service that IncorpAssist uses, the role each service plays, the data (if any) it processes, and the legal safeguards in place. We update this page whenever we add, remove, or materially change a service. For changes that affect how visitor or user data is processed, we update the Privacy Policy simultaneously.

We use three categories:

  • Data Subprocessors: services that process visitor or user data on our behalf in the GDPR sense (Article 28). We have entered into Data Processing Agreements (DPAs) with each.
  • Independent Data Controllers: services that receive data directly from your browser and process it under their own privacy terms, not ours. We are not the data controller for this processing.
  • Business Infrastructure: services used to operate our business internally. No visitor or user data flows through these services in the ordinary course of operation.

1. Data Subprocessors

These services process data about visitors to incorpassist.com on our behalf. We have signed Data Processing Agreements (incorporating Standard Contractual Clauses where applicable) with each.

Vercel Inc.

340 Pine Street, Suite 701, San Francisco, CA 94104, USA

Hosting & Infrastructure

Data processed

IP address, browser user-agent, pages requested, HTTP response codes, timestamps

Purpose

Delivering and serving the website; security monitoring and DDoS protection; performance diagnostics

Retention

Up to 30 days; then automatically deleted

Transfer safeguards

EU SCCs (Module 2) + UK IDTA; EU-US Data Privacy Framework certified; SOC 2 Type II

Vercel Privacy Policy · Vercel DPA

Google LLC: Google Analytics 4

1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Analytics · Consent-gated

Data processed (when consent given)

Anonymised client ID (cookie), session ID, approximate country/city (IP not stored), device category, browser, referrer; custom events: quiz_started, question_answered, quiz_completed, affiliate_click

Data processed (consent denied, default state)

Cookieless aggregate signals only. No client identifier stored or transmitted. Used by Google for statistical modelling.

Purpose

Understanding aggregate product usage and improving the Service. No advertising or behavioural profiling.

Retention

14 months (shortest available GA4 setting)

Legal basis

Article 6(1)(a) GDPR (consent) when accepted; Article 6(1)(f) (legitimate interests) for cookieless signals in denied state

Transfer safeguards

EU SCCs (Module 2) + UK IDTA; EU-US Data Privacy Framework certified

Google Privacy Policy · GA4 Data Safety · Google DPA

Functional Software, Inc. (dba Sentry)

45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA

Error Monitoring

Data processed

Error stack traces, breadcrumbs (console logs, navigation events, click events prior to an error), browser and operating-system identifiers from the User-Agent string, page URL where an error occurred, and a 10% sample of performance traces (page navigation timings, Core Web Vitals)

Data NOT processed

IP addresses, cookies, request headers, and session identifiers are not transmitted (sendDefaultPii: false). No user-entered quiz answers or form data are forwarded to Sentry.

Purpose

Identifying and diagnosing software errors and performance regressions in production

Retention

30 days for individual events; 90 days for grouped issues (Sentry free-tier defaults)

Legal basis

Article 6(1)(f) GDPR (legitimate interests in maintaining a functional and secure service)

Transfer safeguards

EU SCCs (Module 2) under Sentry’s Data Processing Addendum; SOC 2 Type II

Sentry Privacy Policy · Sentry DPA

2. Independent Data Controllers

These services receive data directly from your browser when you use the Service. They are independent data controllers; their own privacy policies govern how they process that data, not ours. We have no DPA with them because we do not instruct them on how to process the data they receive.

Google LLC: Google Fonts

1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Font Delivery

Data received by Google

IP address and browser user-agent string, transmitted automatically by your browser when requesting font files from fonts.googleapis.com

Google’s stated use

Google has publicly confirmed that Fonts API data is not used to build advertising profiles or for targeted advertising

Google Privacy Policy

Formation Service Partners

Stripe Atlas · Firstbase · Doola · Clerky · Osome · Sleek · Northwest Registered Agent · Healy Consultants · Deel

Affiliate Partners · On click only

When you click a referral link on IncorpAssist, you navigate to the partner’s website. That site may set cookies and collect personal data in accordance with its own privacy policy. We have no control over that processing. Referral links may include affiliate tracking parameters in the URL. We may receive aggregate, anonymised conversion data from partners; we do not receive your personal data.

3. Business Infrastructure

These services are used to run IncorpAssist as a business. In the ordinary course of operation, no visitor or user data from the website flows through them. They are listed here for complete transparency.

Google LLC: Google Workspace

1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Business Email & Productivity

Used for business email (privacy@incorpassist.com), document management, and internal collaboration. If you contact us by email, your communication will be processed via Google Workspace under Google’s Data Processing Amendment for Workspace customers. Google does not use Workspace customer data for advertising.

Google Workspace DPA · Google Privacy Policy

Wise Payments Ltd

Tea Building, 56 Shoreditch High Street, London E1 6JJ, UK. FCA-authorised (FRN: 900507)

Business Banking

Used for IncorpAssist’s business banking and payment processing. No visitor or user data is processed by or shared with Wise. Wise processes only the personal data of IncorpAssist as its business customer (i.e., operator identity and transaction data) for AML/KYB compliance and payment execution. Wise is authorised and regulated by the Financial Conduct Authority.

Wise Privacy Policy

Anthropic PBC

548 Market Street, PMB 90375, San Francisco, CA 94104, USA

Software Development Tool

Anthropic’s Claude AI is used by IncorpAssist’s developer as a software development assistant (Claude Code) to write, review, and improve the codebase. No visitor or user data from the website is sent to Anthropic. The IncorpAssist scoring engine, tax calculator, and scoring algorithm are deterministic TypeScript code running in your browser and on Vercel; they do not call any Anthropic API. The interaction between the developer and Claude involves code and technical prompts only.

Anthropic Privacy Policy

4. Planned Services (Not Yet Active)

Services under consideration or planned for future deployment are listed here. They are not currently active. This page will be updated, and the Privacy Policy and Cookie Policy will be revised, before any such service is deployed in a way that affects visitor data.

No services are currently planned but inactive. Sentry was promoted to an active subprocessor on 2 May 2026 (see Section 1).

5. Change Log

DateChange
2 May 2026Sentry (error monitoring) added as an active data subprocessor in Section 1. Configured with sendDefaultPii: false and 10% performance-trace sampling. Removed from Section 4 (Planned Services).
27 Mar 2026Page created. Listed: Vercel (hosting), Google Analytics 4 (consent-gated), Google Fonts, Google Workspace, Wise, Anthropic, and formation partners.

Questions?

If you have questions about our subprocessors or want to request a copy of any Data Processing Agreement, contact us at privacy@incorpassist.com. We acknowledge requests within 72 hours.