Subprocessors

Google Analytics

Google Analytics is an analytics platform that more uniquely gives us certain nice-to-have "vanity" analytics and serves as a good place for understanding where on the web our users are coming from.

United States

Yes

• Website usage data

• User location data (country, city)

• Device and browser information

• Anonymized IP addresses

• User behavior data

• SOC 2 and SOC 3 certified

• ISO 27001 certified

• Encryption in transit and at rest

• Access controls and authentication mechanisms

• Regular security audits

26 months for user-level and event-level data

Sentry

Sentry is used as our error logging platform. When you get an error, we get it too so we can better fix these bugs as soon as possible.

United States

Yes

• Application error logs and stack traces

• Performance metrics

• User context data related to errors (e.g., browser type, OS version)

• Limited user identification data

• SOC 2 Type II certified

• GDPR compliant

• Encryption in transit and at rest

• Role-based access controls

• Regular security audits

90 days

Intercom

Intercom is our customer support ticketing system. It allows us to help track, prioritize, and solve customer support interactions.

United States

Yes

• User profile information (e.g., name, email, company)

• Conversation history and content

• User behavior data

• Custom attributes or tags assigned to users

• SOC 2 Type II certified

• GDPR and CCPA compliant

• Encryption in transit (TLS) and at rest (AES-256)

• Multi-factor authentication

• Regular third-party security audits

• ISO 27001:2013 certified

90 days

Whereby

Facilitates live video calls for real-time communication

Ireland

Yes

• Video and audio streams during live calls

• Temporary storage of call recordings

• User metadata necessary for call functionality (e.g., participant names, call durations)

• End-to-end encryption for video calls

• SOC 2 Type II certified

• GDPR compliant

• Regular security audits

Recordings are temporarily stored and then immediately deleted after transfer to your own AWS S3 storage. No long-term data retention on Whereby's systems.

Render.com

Render.com is a cloud platform provider that offers hosting and deployment services for web applications, static sites, databases, and background workers. They provide infrastructure and tools to build and run applications and websites.

United States / Germany

Yes

Application data, user data, logs, and metadata related to hosted services

Global infrastructure with servers primarily in the US and EU Security measures: SOC 2 Type II certified, encryption in transit and at rest, regular security audits

60 days

AWS

Cloud storage (S3), messaging and mobile notifications (SNS), and media transcoding and processing (MediaConvert)

United States / France

Yes

• S3: Files and objects, potentially including user-generated content, backups, and application data

• SNS: Message payloads, which may include notifications and alerts

• MediaConvert: Video and audio files for processing and transcoding

Global infrastructure with data centers worldwide; customers can choose specific geographic regions for data storage and processing Security measures:

• Encryption in transit and at rest

• Access controls and identity management

• Compliance certifications including SOC 1, 2, and 3, ISO 27001

• Network security and protection against DDoS attacks

• S3: Customizable retention policies, data stored until deliberately deleted

• SNS: Messages typically retained for short periods during delivery

• MediaConvert: Input and output files retained as specified by the customer