Security & sub-processors

Iris is operated by StrataBalance Pty Ltd. This page summarises typical infrastructure for the web app; your production deployment should match the regions and vendors configured in your own accounts.

Data regions

Primary customer content (evidence, drafts, scheme data) lives in your Supabase project region. Point-in-time recovery, backups, and encryption are provided by Supabase per your plan.

AI requests are processed by Anthropic. With Zero Data Retention enabled on your Anthropic workspace, prompts and outputs are not retained for model training.

For exact residency and DPA terms, use each vendor's documentation and your organisation's agreements. The Privacy policy is the legal source of truth once reviewed for your launch.

Sub-processors we rely on

  • Supabase

    Auth, Postgres database, file storage

    Region: Project region (e.g. Sydney when hosted in ap-southeast-2)

  • Anthropic

    AI inference for Iris chat and document features

    Region: Zero Data Retention (ZDR) when enabled on the Anthropic account

  • Vercel

    Application hosting and edge delivery

    Region: Closest to your Vercel project region (e.g. Sydney syd1)

  • Stripe

    Payments and subscription billing

    Card data stays with Stripe

  • Resend

    Transactional email (e.g. auth, escalations)

    Region: Per your Resend workspace settings

  • Sentry

    Error monitoring

    Region: Per your Sentry project (often EU or US)

  • PostHog

    Product analytics (when NEXT_PUBLIC_POSTHOG_KEY is set)

    Region: Often EU (eu.i.posthog.com) — see your PostHog project

  • Google (OAuth & Maps)

    Optional Google sign-in; optional Places when Maps API keys are configured

    Region: Google’s infrastructure per product terms

Iris is a tool, not advice. This page is operational transparency, not a legal agreement. See Terms and Privacy.