Sub-processors
Third parties Stash relies on to deliver the service. Each row lists what they touch and why. We don't ship your data to anyone not on this list.
Last updated: 2026-05-15.
| Vendor | Purpose | What data is involved | Location |
|---|---|---|---|
| Google (Gemini API) | AI vision: item detection + bounding boxes; tag suggestions; floorplan-art generation. | Photos you submit for ingest, item names, notes. Output is returned to Stash; Google's API terms govern downstream training (we use Vertex / Gemini API endpoints that opt out of training by default). | US / EU (region depends on the Gemini API endpoint). |
| Anthropic (Claude API) | Box-matching suggestion ("which existing box should this item go in?"). | Item names + notes + the box-name list. No photos. | US. |
| Stripe | Subscription billing. | Email address, subscription state, payment-method metadata. Card numbers go directly to Stripe; we never see them. | US / EU. |
| Backblaze B2 | Off-site backup storage for nightly tenant DR archives. | Encrypted tenant database + photo bytes. The key-encryption key is held separately from B2 by design — a B2 breach alone does not expose plaintext data. | US. |
| Google (OAuth identity) | Sign-in identity provider via oauth2-proxy. | Email + Google account ID, used to map you to a Stash tenant membership. | US / EU. |
Changes
We'll update this page + email registered tenants at least 30 days before adding a new sub-processor that handles tenant content. Routine swaps within the same provider (e.g. Stripe → Stripe successor product) don't trigger a notice.
Engineering note
This list is part of the operator surface — see the in-app /admin "Vendor cost (this month)" panel for live spend across these providers. Cost numbers + sub-processor list never leave Stash operator hands and are not shown to tenant maintainers.