Material sub-suppliers
Last updated March 24, 2026
Responsibly uses the following sub-processors and sub-suppliers to deliver its services. Where personal data is transferred outside the European Economic Area (EEA), such transfers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission or another appropriate safeguard under Chapter V of the GDPR.
This list may be updated from time to time to reflect changes in our supplier relationships. Customers who have subscribed to update notifications will be informed in accordance with the terms of their agreement.
Material sub-supplier register
| Sub-supplier | Processing region | Nature of processing | Certifications | Security page |
|---|---|---|---|---|
| Auth0 | EU (Germany, Ireland) | Platform authentication provider (IAM) | ISO 27001, SOC2 | View |
| Vercel | EU (EU project region) | IaaS/PaaS, Edge Network and CDN for the Web UI and API endpoints | ISO 27001, SOC2 | View |
| AWS | EU (Germany, Ireland, Luxembourg) | Cloud hosting provider (IaaS/PaaS) | ISO 27001, ISO 27017, ISO 27018, SOC2 | View |
| EU (Germany, Ireland, Netherlands, Belgium, Denmark) | Cloud hosting provider (IaaS/PaaS) | ISO 14001, ISO 27001, SOC 1, SOC 2, SOC 3 | View | |
| Hubspot | EU (Germany) | Customer account management | SOC 2 Type II, SOC 3 | View |
| Mixpanel | EU (Germany, Ireland, Netherlands, Belgium, Denmark) | Analytics provider for usage data | SOC 2 Type II | View |
| Sentry | US* | Technical troubleshooting of customer issues | SOC2 Type I, SOC2 Type II, ISO 27001 | View |
| Slack | US* | Internal communications | ISO 27001, ISO 27017, ISO 27018, SOC 2 Type II, SOC 3 | View |
| Zapier | US* | Cross-platform notifications | SOC 2 Type II, SOC 3 | View |
| OpenRouter | US* | LLM routing and AI gateway services | SOC 2 Type I, SOC 2 Type II | View |
| Pinecone | US* | Vector database and semantic search infrastructure | SOC 2 Type II, ISO/IEC 27001 | View |
* Processing takes place in the United States. Transfers of personal data to these sub-suppliers are subject to Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms in accordance with GDPR Chapter V.