Subprocessors
Google Analytics
Google Analytics is an analytics platform that more uniquely gives us certain nice-to-have "vanity" analytics and serves as a good place for understanding where on the web our users are coming from.
United States
Yes
Website usage data
User location data (country, city)
Device and browser information
Anonymized IP addresses
User behavior data
SOC 2 and SOC 3 certified
ISO 27001 certified
Encryption in transit and at rest
Access controls and authentication mechanisms
Regular security audits
26 months for user-level and event-level data
Sentry
Sentry is used as our error logging platform. When you get an error, we get it too so we can better fix these bugs as soon as possible.
United States
Yes
Application error logs and stack traces
Performance metrics
User context data related to errors (e.g., browser type, OS version)
Limited user identification data
SOC 2 Type II certified
GDPR compliant
Encryption in transit and at rest
Role-based access controls
Regular security audits
90 days
Intercom
Intercom is our customer support ticketing system. It allows us to help track, prioritize, and solve customer support interactions.
United States
Yes
User profile information (e.g., name, email, company)
Conversation history and content
User behavior data
Custom attributes or tags assigned to users
SOC 2 Type II certified
GDPR and CCPA compliant
Encryption in transit (TLS) and at rest (AES-256)
Multi-factor authentication
Regular third-party security audits
ISO 27001:2013 certified
90 days
Whereby
Facilitates live video calls for real-time communication
Ireland
Yes
Video and audio streams during live calls
Temporary storage of call recordings
User metadata necessary for call functionality (e.g., participant names, call durations)
End-to-end encryption for video calls
SOC 2 Type II certified
GDPR compliant
Regular security audits
Recordings are temporarily stored and then immediately deleted after transfer to your own AWS S3 storage. No long-term data retention on Whereby's systems.
Render.com
Render.com is a cloud platform provider that offers hosting and deployment services for web applications, static sites, databases, and background workers. They provide infrastructure and tools to build and run applications and websites.
United States / Germany
Yes
Application data, user data, logs, and metadata related to hosted services
Global infrastructure with servers primarily in the US and EU Security measures: SOC 2 Type II certified, encryption in transit and at rest, regular security audits
60 days
AWS
Cloud storage (S3), messaging and mobile notifications (SNS), and media transcoding and processing (MediaConvert)
United States / France
Yes
S3: Files and objects, potentially including user-generated content, backups, and application data
SNS: Message payloads, which may include notifications and alerts
MediaConvert: Video and audio files for processing and transcoding
Global infrastructure with data centers worldwide; customers can choose specific geographic regions for data storage and processing Security measures:
Encryption in transit and at rest
Access controls and identity management
Compliance certifications including SOC 1, 2, and 3, ISO 27001
Network security and protection against DDoS attacks
S3: Customizable retention policies, data stored until deliberately deleted
SNS: Messages typically retained for short periods during delivery
MediaConvert: Input and output files retained as specified by the customer
Last updated