Subprocessors

Name

Google Analytics

Description

Google Analytics is an analytics platform that more uniquely gives us certain nice-to-have "vanity" analytics and serves as a good place for understanding where on the web our users are coming from.

Data Location

United States

DPA

Yes

Type of data processed

  • Website usage data

  • User location data (country, city)

  • Device and browser information

  • Anonymized IP addresses

  • User behavior data

Data Transfers

  • SOC 2 and SOC 3 certified

  • ISO 27001 certified

  • Encryption in transit and at rest

  • Access controls and authentication mechanisms

  • Regular security audits

Data Retention Duration

26 months for user-level and event-level data

Name

Sentry

Description

Sentry is used as our error logging platform. When you get an error, we get it too so we can better fix these bugs as soon as possible.

Data Location

United States

DPA

Yes

Type of data processed

  • Application error logs and stack traces

  • Performance metrics

  • User context data related to errors (e.g., browser type, OS version)

  • Limited user identification data

Data Transfers

  • SOC 2 Type II certified

  • GDPR compliant

  • Encryption in transit and at rest

  • Role-based access controls

  • Regular security audits

Data Retention Duration

90 days

Name

Intercom

Description

Intercom is our customer support ticketing system. It allows us to help track, prioritize, and solve customer support interactions.

Data Location

United States

DPA

Yes

Type of data processed

  • User profile information (e.g., name, email, company)

  • Conversation history and content

  • User behavior data

  • Custom attributes or tags assigned to users

Data Transfers

  • SOC 2 Type II certified

  • GDPR and CCPA compliant

  • Encryption in transit (TLS) and at rest (AES-256)

  • Multi-factor authentication

  • Regular third-party security audits

  • ISO 27001:2013 certified

Data Retention Duration

90 days

Name

Whereby

Description

Facilitates live video calls for real-time communication

Data Location

Ireland

DPA

Yes

Type of data processed

  • Video and audio streams during live calls

  • Temporary storage of call recordings

  • User metadata necessary for call functionality (e.g., participant names, call durations)

Data Transfers

  • End-to-end encryption for video calls

  • SOC 2 Type II certified

  • GDPR compliant

  • Regular security audits

Data Retention Duration

Recordings are temporarily stored and then immediately deleted after transfer to your own AWS S3 storage. No long-term data retention on Whereby's systems.

Name

Render.com

Description

Render.com is a cloud platform provider that offers hosting and deployment services for web applications, static sites, databases, and background workers. They provide infrastructure and tools to build and run applications and websites.

Data Location

United States / Germany

DPA

Yes

Type of data processed

Application data, user data, logs, and metadata related to hosted services

Data Transfers

Global infrastructure with servers primarily in the US and EU Security measures: SOC 2 Type II certified, encryption in transit and at rest, regular security audits

Data Retention Duration

60 days

Name

AWS

Description

Cloud storage (S3), messaging and mobile notifications (SNS), and media transcoding and processing (MediaConvert)

Data Location

United States / France

DPA

Yes

Type of data processed

  • S3: Files and objects, potentially including user-generated content, backups, and application data

  • SNS: Message payloads, which may include notifications and alerts

  • MediaConvert: Video and audio files for processing and transcoding

Data Transfers

Global infrastructure with data centers worldwide; customers can choose specific geographic regions for data storage and processing Security measures:

  • Encryption in transit and at rest

  • Access controls and identity management

  • Compliance certifications including SOC 1, 2, and 3, ISO 27001

  • Network security and protection against DDoS attacks

Data Retention Duration

  • S3: Customizable retention policies, data stored until deliberately deleted

  • SNS: Messages typically retained for short periods during delivery

  • MediaConvert: Input and output files retained as specified by the customer

Last updated