Subprocessors

Last updated · April 23, 2026 — Private Beta

Nicole Assist uses the third-party providers below to run the Service. Each receives only the data it needs for the described purpose. For context on how your data flows through the Service, see our Privacy Policy.

  • Anthropic (Claude API)

    Large language model that powers the scheduling agent.

    Scheduling thread contents (subject + body of the active thread), tenant rules, and calendar availability windows for the requested time range. Not persisted by Anthropic for training.

    United States

  • Microsoft (Graph API, Entra ID)

    Calendar free/busy reads and event create/update/cancel on your behalf. Optional Outlook contacts read for the M365 sync feature.

    OAuth access + refresh tokens, calendar ids, free/busy windows, event bodies we create. When you opt into contacts sync: contact names + emails + company/title pulled into your tenant contacts table. Your mailbox/calendar remain in your own Microsoft 365 tenant; we do not mirror them.

    Customer-chosen Microsoft 365 region

  • Zoom (OAuth + Meetings API)

    Optional. Tenants who pick Zoom as their default video provider connect a Zoom account so Nicole can create scheduled Zoom meetings and attach the join URL to calendar invites.

    OAuth access + refresh tokens (encrypted at rest with per-tenant keys), Zoom user id, meeting ids and join URLs we create. The meetings themselves stay in your Zoom account.

    United States

  • Supabase (Postgres + Vault)

    Primary database for tenant metadata, threads, messages, audit log, and encrypted refresh tokens.

    All tenant-scoped records. Refresh tokens and MFA secrets are column-encrypted with per-tenant keys before storage.

    United States (us-east-1)

  • Resend

    Inbound email receipt (wildcard forwarding on the scheduling domain) plus outbound transactional email for scheduling replies and auth emails.

    Inbound: full email payloads — headers, body, attachments — retained by Resend while we ingest them, then stored in Supabase. Outbound: From/To/Subject, rendered body, message-id, briefly retained by Resend for delivery analytics.

    United States

  • Inngest

    Scheduled and event-driven background jobs (token refresh, follow-ups, digests, usage rollup).

    Job event payloads — tenant id, thread id, message id — that reference records in our database.

    United States

  • Vercel

    Hosting for the Next.js application (tenant dashboard, admin console, marketing site).

    Request logs (tenant id tag, trace id, path, status) retained for 30 days.

    United States

  • Sentry

    Error monitoring.

    Unhandled exceptions with tenant id tag. PII is scrubbed before send; refresh tokens, session tokens, and email bodies are not included.

    United States

  • Axiom

    Structured application logs.

    JSON log lines tagged with tenant id and trace id, retained for 30 days.

    United States

Material changes to this list will be emailed to the address on file before they take effect. Questions: support@nicoleassist.com.