Security
Last updated: October 26, 2025
Vendor summary
| Category | Vendor | Data handled |
|---|---|---|
| Edge & networking | Cloudflare | Request metadata for routing, WAF, and DDoS protection |
| Application runtime | Fly.io | Application services, secrets, deployment logs |
| Database | Neon | Postgres records with encryption at rest and PITR |
| AI inference | OpenAI | Prompts and responses with no training usage |
| AI observability | Langfuse | Prompt metadata and metrics |
| Crawl automation | Firecrawl | Public web pages fetched for evaluation |
| Background jobs | Trigger.dev | Scoped workflow payloads for background jobs |
| Web search | Exa | Generated search queries only |
| Monitoring | Sentry | Sanitized error traces (90-day retention) |
| Product analytics | Posthog | Aggregate usage events without source code |
| Billing | Stripe | Payment instruments, invoices, and tax details |
Contact & disclosure
Please send questions and responsible disclosure reports to security@mistle.dev.