Sub-processors
Version 2026-05-09 · Effective 2026-05-09
We use the sub-processors listed below to deliver the SupportCore Service. Every entry has access only to the data it needs for the described purpose, is bound by data protection obligations no less protective than our Data Processing Agreement, and is included in the sub-processor section of our Article 28 records.
We give customers at least 30 days notice before adding a new sub-processor that processes workspace content, via in-app banner and email to the workspace owner. See Section 6 of the Data Processing Agreement for the right-to-object process.
The table below is the source of truth — it is generated from app/lib/legal/sub-processors.ts so any change is shipped through the normal PR + version-bump process.
| Sub-processor | Purpose | Region | Data shared | Retention |
|---|---|---|---|---|
| Railway | Application hosting + PostgreSQL | United States | All operational data — tickets, conversations, user accounts, audit logs | Active for the life of the subscription; backups per Railway's PITR window |
| Cloudflare R2 | File storage (avatars, ticket attachments, exports) | United States | Uploaded files plus generated export bundles | Until the underlying record is deleted (lifecycle-tied) |
| Cloudflare (Edge / WAF / Turnstile) | Edge network, bot protection, custom-domain TLS | Global edge | Request IPs, paths, user-agent strings | Approx. 7 days log retention per Cloudflare defaults |
| Postmark | Outbound + inbound transactional email | United States | Sender, recipient, subject, message body of every email | 45-day message archive per Postmark's terms |
| Stripe | Subscription billing + payment processing | United States | Tenant billing email, plan, payment method (tokenised) | Per Stripe's data retention policy |
| OpenAI | AI bot replies, agent assist, sentiment, KB embeddings, chat summaries | United States | Prompt content (ticket subject + body excerpts, chat transcripts) | Zero-retention when enrolled (default for our org); otherwise 30-day abuse monitoring per OpenAI's API data policy |
| Sentry | Error monitoring | United States | User id + email + breadcrumbs on errors that involve a logged-in user | 90 days |
| Slack | Two-way notifications + interactive shortcuts (Marketplace app) | United States | Workspace install metadata + agent identity on attributed posts | Slack workspace-side retention controlled by the customer's Slack admin |
| Apple APNs | Push notifications to iOS clients | United States | Device push tokens + payload (title + body) | Per Apple's APNs documentation |
| Google FCM | Push notifications to Android + web clients | United States / Global | Device push tokens + payload (title + body) | Per Google's FCM documentation |
| Atlassian | Optional Jira + Confluence sync (per-tenant opt-in) | Tenant-selected (US / EU) | Ticket subject + body + status when sync is enabled | Per Atlassian's privacy notice |
| DeepL | Machine translation for Knowledge Base articles | EU or US (tenant-configured) | Article title, subtitle, and body text during translation jobs | Zero-retention for Pro API access per DeepL terms |
| Google Cloud | Machine translation fallback for Knowledge Base articles | United States / Global | Article title, subtitle, and body text during translation jobs | Per Google Cloud Data Processing Addendum |