Subprocessor Disclosure

1. Overview

This document identifies the third-party subprocessors used by Counsltrac in the operation of the service. A "subprocessor" is any third party engaged by Counsltrac that may access, store, transmit, or process Customer Data in connection with the Counsltrac service.

Counsltrac is operated by Counsltrac LLC, a Wyoming limited liability company ("Operator"), and runs entirely as a Slack application — there is no separate web application or browser dashboard. Counsltrac itself does not hold any independent security or privacy certifications. It is a small, single-operator product built on top of established infrastructure providers that are independently audited. The certifications listed below are held by those providers, not by Counsltrac. Their value to customers is that the parties that actually store, host, and process the data maintain externally verified security programs.

2. What Data Counsltrac Handles

Before describing each subprocessor, it is important to distinguish two data paths, because they involve different content:

• Data stored in the database (Supabase): structured matter metadata plus a small amount of optional free text. The full content of Slack conversations is NOT stored in the database — only a pointer (channel ID and thread timestamp) back to the originating Slack thread is kept.
• Data sent to the AI provider (Anthropic): during the AI-assisted intake and close-out steps, the text of the originating Slack message and, on close, the full Slack thread are sent to the AI provider so it can suggest field values and follow-up questions. This thread content can include privileged or sensitive legal discussion. See Section 3.2 for the controls that apply.

Subject data minimization (by design): Counsltrac's data model contains no field for the identity of the individual who is the subject of a matter — no subject name, email, or identifier is ever requested or stored. A matter is characterized only by attributes such as matter type, business unit/department, and jurisdiction. This is an intentional design choice: the identifying details of a matter's underlying situation already exist in Slack, under the customer's own security and access controls. By pointing back to the originating Slack thread instead of copying that content into a separate database, Counsltrac avoids creating a second store of personal data and privileged material, minimizing both data-privacy exposure and attorney-client privilege concerns.

In-product caution: the optional Opening/Closing Notes and the reopen-reason field are free-text. To reinforce this at the point of entry, the Open Matter, Close Matter, and Reopen Matter forms display the following caution directly beneath each free-text field:

3. Subprocessors

3.1 Supabase, Inc. — Database, Authentication, and Storage

Certifications published by Supabase: SOC 2 Type II, ISO/IEC 27001, HIPAA (available under a Business Associate Agreement), GDPR (Data Processing Addendum available), and PCI DSS.

Data-handling notes:

• Each Counsltrac workspace's data is isolated by workspace ID, with Row Level Security enforced at the database layer.
• Data is encrypted in transit (TLS) and at rest (AES-256).
• The full text of Slack conversations is not written to Supabase. Stored matter records keep only a channel ID and thread timestamp that link back to the source thread in Slack.
• No subject identity is stored (see Section 2). Because the structured records describe a matter only by type, business unit/department, and jurisdiction, a database-only breach could not reveal whose situation any matter concerns.
• Supabase in turn relies on its own infrastructure subprocessors (e.g., AWS and Cloudflare), as described in Supabase's documentation.

3.2 Anthropic, PBC — AI Inference

Certifications published by Anthropic: ISO/IEC 27001, ISO/IEC 42001 (AI management systems), and SOC 2 Type II.

What is actually sent to Anthropic — stated plainly:

• Opening a matter: the text of the originating Slack message is sent to Claude to extract structured fields and to draft intake follow-up questions.
• Closing a matter: the full Slack thread (up to the most recent 200 messages) is fetched from Slack and sent to Claude to suggest the outcome, level of effort, outside-counsel flag, and estimated hours.
• Natural-language Q&A: the user's typed question, recent conversation history, and structured matter metadata are sent to Claude. The Opening Notes, Closing Notes, and reopen-reason database fields are not included in these Q&A prompts.

How the privileged-content risk is managed:

• Because Slack thread content sent for intake and close-out can contain privileged attorney-client communications, the protection does not rest on withholding fields — it rests on Anthropic's data-handling terms.
• Under Anthropic's commercial API terms, prompts and outputs submitted through the API are not used to train Anthropic's models.
• Zero Data Retention (intended): the Operator intends to enter a Zero Data Retention (ZDR) agreement with Anthropic. Under ZDR, inputs and outputs are not retained after the request is processed, so legal content shared with Claude is not stored by the AI provider. Until that agreement is in place, standard Anthropic API retention applies.

3.3 Render Services, Inc. — Infrastructure Hosting (Operational Subprocessor)

The Counsltrac Slack bot runs as a single process hosted on Render. Render is a compute (platform-as-a-service) provider, not the system of record: it does not hold matter records at rest. Customer Data nonetheless passes through this process, so Render is disclosed here as an operational subprocessor.

Certifications published by Render: SOC 2 Type II and ISO/IEC 27001. The SOC 2 report and ISO 27001 certificate are available through Render's Document Center (under NDA for eligible plans).

Data-handling notes:

• In transit: all Customer Data passes through the bot process while it reads from Slack and writes to Supabase.
• Transient in memory: the bot keeps a short direct-message conversation history (the last several exchanges per user) in memory only. It is never written to disk and is cleared when the process restarts.
• Application logs: the bot's structured JSON logs (timestamp, workspace ID, user ID, and action) are emitted by the process and captured by Render's logging. The Opening Notes, Closing Notes, and reopen-reason fields and Slack message bodies are never logged.
• Not stored at rest: no matter records are persisted on Render; the database of record is Supabase.

3.4 Slack — the Customer's Own Platform (Not a Counsltrac Subprocessor)

Slack is the customer's own communication platform, governed by the customer's existing agreement with Slack and their own retention and access settings. Counsltrac operates inside the customer's Slack workspace rather than engaging Slack on the customer's behalf, so Slack is deliberately not listed above as a Counsltrac-engaged subprocessor — even though all matter conversations originate there and Slack message and thread content is transmitted to the AI provider as described in Section 3.2. Customers should apply their existing Slack data-governance and retention controls accordingly.

4. Changes to Subprocessors

The Operator will provide at least 30 days' advance written notice before adding or replacing any subprocessor. Customers may object to a new subprocessor within that period by contacting the Operator at privacy@counsltrac.com.

5. Contact

For questions regarding this Subprocessor Disclosure, contact:

Counsltrac LLC — privacy@counsltrac.com