LegalLast updated · May 27, 2026

Sub-processors

This page lists the third-party service providers ("sub-processors") that Obelisk Studios LLC engages to operate Grace Production OS. Each receives only the personal data necessary to deliver its piece of the service, and each is contractually bound to use that data solely on our instructions.

Per our Privacy Policy and Data Processing Addendum, we provide at least 14 days' advance notice before adding or replacing a sub-processor that processes customer personal data. To receive that notice by email, write to privacy@theobeliskstudio.com.

01

Current sub-processors

Effective as of the "Last updated" date above. Each entry names the provider, the function it performs, the categories of data it receives, and the legal entity's principal place of business.

Clerk, Inc. (United States)
Authentication, sign-in, session management, and multi-factor enrollment. Receives account email, name, password hash, and (if enabled) MFA factors.
Stripe, Inc. (United States)
Subscription billing and payment processing. Receives billing email, payment-method details (collected by Stripe directly, never by Obelisk Studios), tax/billing address, and the metadata Stripe needs to render invoices.
Resend, Inc. (United States)
Outbound email delivery (call sheets, production invitations, vault shares, verification codes, transactional notifications). Receives recipient addresses and email body content.
Cloudflare, Inc. (United States)
(a) Object storage via Cloudflare R2 for scripts, photos, screeners, dailies, and call-sheet PDFs (files encrypted at rest with AES-256). (b) DNS, network edge, marketing-site CDN, and bot/DDoS mitigation. Receives standard request metadata (IP, user agent, URL path) in the edge role; receives uploaded file contents in the R2 role.
Neon, Inc. (United States)
Managed PostgreSQL hosting for the Grace application database, with point-in-time recovery snapshots. Receives all structured application data described in the Privacy Policy.
Railway Corp. (United States)
Application hosting and compute for the Grace web/server tier. Receives all data passing through Grace's servers in the course of request handling.
Sentry, by Functional Software, Inc. (United States)
Error monitoring and diagnostics. Receives error messages and stack traces, the page or route where an error occurred (with sensitive tokens and query parameters redacted), browser/device/OS type, and a pseudonymous account identifier. Does not receive names, email addresses, or production content.
Anthropic, PBC (United States)
AI processing of script content (Claude API). Receives script text or PDF for breakdown extraction. Anthropic's paid API tier does not retain user-API data beyond standard operational logs and does not use it for model training.
Google LLC (United States)
(a) Fallback AI processing of script content (Gemini API) when Claude is unavailable. (b) Address geocoding via the Google Maps Platform Places API for production locations and nearest-hospital lookups on call sheets. Receives the script text (Gemini) or the address string (Places). Neither service uses paid-API content to train Google's general models.
Open-Meteo GmbH (Germany)
Weather data for shoot-day forecasts on call sheets. Receives latitude/longitude only, no production identity.
OpenStreetMap Foundation, United Kingdom (Nominatim hosted service)
City-level coordinates lookup for weather forecasts on call sheets. Receives the city string only, no production identity.
Thy Dark Hour Systems (OPC) Pvt Ltd, India
Software development, technical operations, and customer-support engineering for Grace. Personnel acting under TDH's engagement may access the production database for engineering and support purposes. Subject to an intercompany DPA with Obelisk Studios LLC and to the international-transfer safeguards described in the Privacy Policy.
02

How to receive change notifications

Email privacy@theobeliskstudio.com with the subject "Sub-processor notifications" and we will add your address to the notification list. Notifications go out at least 14 days before any added or replaced sub-processor begins processing customer personal data. If a security incident at a sub-processor requires immediate substitution, we will notify the list as quickly as reasonably possible and follow up with the post-incident review.

03

Audit history

The list above is the current state. We do not yet publish a historical changelog of past sub-processor changes; if you need that history for a vendor-risk review, email privacy@theobeliskstudio.com and we will provide it for the period of your engagement.

Privacy contact

For questions about any sub-processor on this list, to object to a planned change, or to subscribe to change notifications, contact the Obelisk Studios Privacy Lead.

privacy@theobeliskstudio.com