LEGAL
Subprocessors.
ShareCo uses the vendors below to operate the product, process BOM risk signals, deliver email, and run internal operations. The list is reviewed quarterly and whenever a material vendor changes.
Current vendors
Last reviewed May 25, 2026. Questions or objections can be sent to hello@shareco.ca.
Quarterly review
| Vendor | Purpose | Data processed | Location |
|---|---|---|---|
| Coolify | Application deployment and container orchestration | Application logs, service metadata, environment variable keys | Founder-controlled infrastructure |
| PostgreSQL | Primary product database | Users, organizations, memberships, BOM rows, alerts, API keys, audit events | Founder-controlled infrastructure |
| Resend | Transactional email delivery | Recipient email, message subject, message body, delivery metadata | United States |
| Inngest | Background job orchestration and retries | Job payload metadata, organization identifiers, BOM and alert event identifiers | United States |
| OpenAI | AI-assisted BOM column detection, alert summaries, and alternate ranking | Part identifiers, normalized BOM context, lifecycle summaries, prompt metadata | United States |
| PostHog | Product analytics and operational dashboards | Usage events, page views, account identifiers, product interaction metadata | United States |
| Digi-Key | Official distributor lifecycle, stock, lead-time, and pricing signals | Manufacturer part numbers and distributor lookup metadata | United States |
| Mouser | Official distributor lifecycle, stock, lead-time, and pricing signals | Manufacturer part numbers and distributor lookup metadata | United States |
| Linear | Operational issue tracking and founder-input workflow | Issue descriptions, operational notes, support context when copied into issues | United States |
| GitHub | Source control, deployment trigger, and code review history | Source code, commit metadata, pull request and deployment metadata | United States |