Sub-Processors

Purpose: Application hosting, serverless functions, edge caching

Data shared: All data flows through the application layer; logs retained 30 days

Purpose: PostgreSQL database, Redis cache, background worker hosting

Data shared: Account data, deal content, AI usage records, OAuth tokens (encrypted), audit logs

Purpose: S3 object storage for database backups and file uploads

Data shared: Logical pg_dump backups (encrypted), document file uploads

Purpose: DNS resolution, edge caching via Vercel

Data shared: Request metadata (IP, user agent), no application data

Purpose: Primary AI model (Claude) for all agent workflows

Data shared: Prompts and contextual data you submit to AI agents; AI-generated responses

Purpose: Fallback AI model and specialized tasks

Data shared: Prompts when this provider is selected by the model router

Purpose: Specific AI tasks (text classification, translation)

Data shared: Prompts when this provider is selected

Purpose: Transactional email delivery (account, billing, notifications, dunning)

Data shared: Recipient email address, subject, body content

Purpose: SMS messaging via INT-04 integration (when an organization connects it)

Data shared: Phone numbers, message content (only for orgs with connected Twilio credentials)

Purpose: WhatsApp messaging via INT-03 integration

Data shared: Recipient WhatsApp numbers, message content (only for orgs with connected credentials)

Purpose: Slack workspace integration via INT-05

Data shared: Workspace ID, channel IDs, message content (sent on your behalf)

Purpose: Video meeting infrastructure (when enabled)

Data shared: Meeting metadata, audio/video streams during active calls

Purpose: Google OAuth login, Gmail (INT-01), Google Calendar (INT-02), People API contacts

Data shared: Account profile, OAuth tokens (stored encrypted), and on-demand mailbox/calendar/contacts access scoped to permissions you grant

Purpose: Microsoft OAuth, Outlook Mail (INT-06), Outlook Calendar, Microsoft Graph contacts

Data shared: Account profile, OAuth tokens (stored encrypted), and on-demand mailbox/calendar/contacts access scoped to permissions you grant

Purpose: Payment processing, subscription billing, customer portal (PAY-01, PAY-02)

Data shared: Cardholder data (PCI-scope; Stripe-hosted, we receive only customer ID and subscription metadata), billing address, organization name

Purpose: Error monitoring and performance tracing (OPS-02)

Data shared: Error stack traces, request URL, status, user agent, sometimes anonymized user ID. We strip deal content, AI prompts, and OAuth tokens from error reports.

Purpose: VC/PE company and deal intelligence (DS-10). Per-org credentials.

Data shared: Search queries, company IDs you look up

Purpose: Company and funding round data (DS-11, ENR-CB). Per-org credentials.

Data shared: Search queries, organization IDs you look up

Purpose: Sanctions screening across UN, EU, OFAC, and other lists (COMP-01/02, ENR-OS)

Data shared: Names, identifiers you screen

Purpose: Beneficial ownership data (COMP-03, ENR-OO)

Data shared: Company identifiers you query

Purpose: LinkedIn profile enrichment for contacts (ENR-PC)

Data shared: Contact names, LinkedIn URLs you enrich

Purpose: Global news and events feed (ENR-GDELT)

Data shared: Search queries (public, free dataset)

Purpose: EN+AR news aggregation (ENR-NC, DS-09)

Data shared: Search queries and topic filters

Purpose: Public US securities filings (DS-08, ENR-EDGAR)

Data shared: Company CIK and filing identifiers you query (public, free)

Purpose: US court records (ENR-CL)

Data shared: Search queries (public, free)

Purpose: MENA deal and startup data (ENR-MAGNITT)

Data shared: Search queries and company IDs

Purpose: Source code repository and CI/CD pipelines

Data shared: No customer data; only source code and CI logs