Security & Sub-processors
Last updated: June 2, 2026
Overview
SimplePages is a hosted service that lets you generate, edit, and publish landing pages. This page documents the technical and organizational measures we use to protect customer data and the sub-processors we rely on to operate the service.
Data protection
- Encryption in transit: Traffic to SimplePages and to our sub-processors is served over TLS.
- Encryption at rest: Customer data stored in Supabase Postgres and Supabase Storage is encrypted at rest.
- Authentication: Accounts are authenticated through Supabase Auth with email/password or Google OAuth.
- Access control: Production access is restricted to authorized personnel. We use Supabase Postgres row-level security to enforce tenant isolation where applicable.
- Backups: The primary database is backed up regularly by Supabase.
- Monitoring: Application errors are captured in Sentry. Product usage is recorded in PostHog using pseudonymous identifiers.
Data residency
SimplePages is hosted in the United States. Most of our sub-processors are US-based; Cloudflare operates a global edge network.
AI providers
We send prompts and page content to Anthropic and OpenAI to generate and edit pages. Per their API terms, prompts submitted via the API are not used to train their models. Editor-agent conversation history is stored to power the chat experience inside the editor.
Sub-processors
We use the following sub-processors to deliver the service.
| Vendor | Purpose | Data processed | Location |
|---|---|---|---|
| Supabase | Authentication, primary database, and object storage for project files | Account profile, project content, uploaded assets | United States |
| Amazon Web Services (AWS) | Application hosting and transactional email (SES) | All request traffic, account email addresses | United States |
| Cloudflare | Edge worker that proxies external images referenced from published pages | URLs of third-party assets requested by published pages | Global edge network |
| Anthropic | Primary LLM provider powering page generation and the editor agent | Prompts you submit and page content the agent reads or writes | United States |
| OpenAI | Secondary LLM provider used for specific classification and generation tasks | Prompts and page snippets sent for processing | United States |
| Replicate | AI image generation for page assets | Image prompts and the resulting images | United States |
| Stripe | Subscription billing and Stripe Connect for creator payouts | Billing details and payment metadata (card data is collected directly by Stripe) | United States |
| Sentry | Application error monitoring | Stack traces and limited request context from errors | United States |
| PostHog | Product analytics | Pseudonymous event data, page paths, feature usage | United States |
| Google (OAuth + Google Analytics integration) | Sign-in with Google and optional Google Analytics connection for your published pages | OAuth profile email, GA property identifiers you authorize | United States |
| Mapbox | Map embeds inside published pages when you add a map block | Coordinates rendered on the page; end-user IPs reach Mapbox when the map loads | United States |
| ScreenshotAPI.net | Generates preview screenshots of public URLs you choose to import | The URLs you submit for screenshotting | United States |
| Logo.dev | Fetches brand logos when you import a brand from a website | The domain you submit | United States |
Reporting a vulnerability
If you believe you have found a security vulnerability in SimplePages, please email security@simplepages.ai with steps to reproduce. We will acknowledge your report and investigate. Please do not publicly disclose the issue until we have had a reasonable opportunity to address it.
Changes to this page
We may update this page from time to time. The "Last updated" date at the top reflects the most recent change.
This page describes our security practices and sub-processors in good faith and may change without notice. It is not a contract and does not modify or supplement any agreement between you and SimplePages. For contractual commitments, please refer to your subscription agreement.