Subprocessors
The third-party vendors WebForger relies on to operate the service. Last updated 29 April 2026 (v1.0). Forms part of the Privacy Policy.
Quick read: WebForger is built on a small, named set of vendors. Cloudflare hosts your site and our infrastructure; a few additional services handle AI generation, payments, email and analytics. We list every vendor below with what they do, what data they touch and where to read their privacy commitments. We give 14 days' notice in the dashboard before adding a new subprocessor that materially affects how we process your data.
1. Core infrastructure
The platform lives entirely on Cloudflare. There is no separate hosting region, no separate CDN, and no separate DDoS provider. Removing or degrading Cloudflare would take WebForger offline.
| Vendor | Purpose | Data region | Privacy |
|---|---|---|---|
| Cloudflare, Inc. United States |
Hosting (Workers), object storage (R2), key-value (KV), CDN, DNS, WAF, DDoS protection, image delivery, queues. Hosts both the marketing site and every customer site. | Global edge; primary R2 metadata in selected region (currently APAC). Visitor IPs processed at edge. | Policy |
2. AI generation
Wizard and editor prompts you submit are sent to third-party AI providers to draft text or imagery. The output is yours; the provider acts as a processor under our commercial terms and does not own or train on the result. Specific vendor names are disclosed under our Data Processing Addendum on request.
| Category | Purpose |
|---|---|
| AI language model provider | Site drafting, copywriting, blog generation and editor assistance. |
| AI image generation provider | Hero images, blog imagery and brand assets. |
3. Payments
WebForger does not store full card numbers. Card details are entered directly into the provider's hosted form. We receive an internal reference, the last four digits, brand, expiry, and the billing country.
| Vendor | Purpose | Data region | Privacy |
|---|---|---|---|
| Stripe, Inc. United States / Ireland |
Card processing, subscription billing, invoicing, fraud screening. | Stripe selects region; primary processing in the United States with EU mirroring. | Policy |
| PayPal Holdings, Inc. United States / Singapore |
PayPal account billing where the customer prefers PayPal over card. | PayPal global; processing locations chosen by PayPal. | Policy |
4. Email and notifications
| Vendor | Purpose | Data region | Privacy |
|---|---|---|---|
| Resend, Inc. United States |
Transactional email: account, login, password reset, lead-form notifications, billing receipts. Limited marketing email where the customer opts in. | United States. | Policy |
5. Analytics on webforger.ai
The vendors below run on the WebForger marketing site (webforger.ai) and dashboard only. They are not installed on your hosted site by default; if you choose to add them yourself, they appear under your own privacy notice, not ours.
| Vendor | Purpose | Data region | Privacy |
|---|---|---|---|
| Google Analytics 4 Google LLC, United States |
Marketing site analytics: which content brings prospects, which pages convert, signup funnel. | United States. | Policy |
| Google Tag Manager Google LLC, United States |
Tag delivery container that loads the analytics tag above. | United States. | Policy |
6. What is not on this list
- We do not use a separate database, search index, log aggregator, or session replay vendor; everything runs inside Cloudflare's stack.
- We do not share your wizard inputs, content, or account information with data brokers, advertising networks, or AI training datasets.
- We do not run third-party advertising, retargeting pixels, or session recording on your hosted site by default.
- If you install Google Analytics, Meta Pixel, or any other tag on your own site through the editor, you are responsible for the cookie notice and consent your audience is entitled to.
7. Changes to subprocessors
Before adding a new subprocessor that materially affects how we process customer data, we will give 14 days' notice in the dashboard and update this page. Routine swaps that do not change the type of data being processed (for example, switching transactional email between two equivalent providers) will be reflected here on the day they take effect, and customers on the Custom plan will receive direct notice.
Customers on a Custom plan can request a Data Processing Addendum (DPA) by emailing privacy@webforger.ai.
Document version: 1.0, 29 April 2026.