SUBPROCESSORS

Third parties we work with

We use carefully selected subprocessors to deliver our services. Each undergoes due diligence for security, privacy, and compliance.

Notice of changes: Customers are notified at least 30 days before any new subprocessor is added or material changes are made. Subscribe to subprocessor updates.

Microsoft Azure

📍 EU (West Europe — Amsterdam)

View DPA →

Purpose: Cloud infrastructure, compute, storage, Sentinel SIEM, Defender for Cloud

ISO 27001 ISO 27018 SOC 1/2/3 GDPR HIPAA

Microsoft Graph / Microsoft 365

📍 EU (regional)

View DPA →

Purpose: Email signature deployment, Office 365 integration

ISO 27001 SOC 1/2/3 GDPR EU Data Boundary

Cloudflare

📍 Global (EU primary)

View DPA →

Purpose: DNS, CDN, DDoS protection, TLS termination, Zero Trust tunnels

ISO 27001 SOC 2 Type II GDPR

GitHub (Microsoft)

📍 Global

View DPA →

Purpose: Source code hosting, CI/CD pipelines, security scanning

ISO 27001 SOC 2 Type II GDPR

Contabo GmbH

📍 EU (Germany — Nuremberg)

View DPA →

Purpose: VPS hosting for production applications

ISO 27001 (data center) GDPR

Stripe

📍 EU (Ireland — Dublin)

View DPA →

Purpose: Payment processing (we never see or store payment cards)

PCI-DSS Level 1 ISO 27001 SOC 1/2 GDPR

Voyage AI

📍 USA

View DPA →

Purpose: Email embedding for AI agent semantic search (metadata only, no body content)

SOC 2 Type II

Jina AI

📍 EU (Germany — Berlin)

View DPA →

Purpose: Backup embedding service (fallback when Voyage rate-limited)

GDPR

Groq Inc.

📍 USA

View DPA →

Purpose: AI inference for blog content generation (no customer data)

Privacy compliance program

Last updated: May 16, 2026