Subprocessors
The third parties that process customer personal data on StratenOcon's behalf.
About this list
To provide the StratenOcon service, we engage the subprocessors below. A subprocessor is a third party that processes customer personal data on our behalf under a data processing agreement compliant with GDPR Article 28. Each is bound by confidentiality and data protection obligations and may only process data to deliver its service to us.
We notify customers of material changes to this list (for example, before adding a new subprocessor that processes customer content). For transfers of personal data outside the European Economic Area, we rely on appropriate safeguards under GDPR Chapter V — principally the European Commission's Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework (DPF) where the recipient is certified — supplemented by technical measures such as encryption in transit.
See our Privacy Policy for how we handle personal data more generally.
Core infrastructure & platform subprocessors
| Subprocessor | Purpose | Data processed | Location | Transfer safeguard |
|---|---|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting, storage, email (SES) | All service data | EU (eu-west-3, Paris); SES / certain services in US regions where noted | AWS GDPR DPA / SCCs |
| Anthropic (Claude) | AI answer & agent generation | User queries, document context, prompts | USA | SCCs / DPF; zero-retention where available |
| OpenAI | AI embeddings, vision (image), transcription (audio), answers | Document content, images, audio | USA | SCCs / DPF |
| Stripe | Payment & subscription processing | Billing contact, payment metadata | USA / EU | SCCs / DPF |
| Sentry | Error monitoring | Technical error context (PII scrubbed) | USA | SCCs / DPF |
| Resend | Transactional email delivery | Recipient email, message content | USA | SCCs / DPF |
Connector providers
The following providers are engaged only when a customer explicitly authorises the corresponding connector. Data is processed at the customer's direction and consists of content from the connected system.
| Subprocessor | Purpose | Data processed | Location | Transfer safeguard |
|---|---|---|---|---|
| Google (Drive, Gmail, Calendar) | Data source integration | Content from the connected system, at customer's direction | USA / global | Provider DPA / SCCs |
| Microsoft (Graph, Outlook, OneDrive, Teams) | Data source integration | Content from the connected system, at customer's direction | USA / global | Provider DPA / SCCs |
| Slack | Data source integration | Content from the connected system, at customer's direction | USA / global | Provider DPA / SCCs |
| Notion | Data source integration | Content from the connected system, at customer's direction | USA / global | Provider DPA / SCCs |
| GitHub | Data source integration | Content from the connected system, at customer's direction | USA / global | Provider DPA / SCCs |
| Atlassian (Jira, Confluence) | Data source integration | Content from the connected system, at customer's direction | USA / global | Provider DPA / SCCs |
| HubSpot | Data source integration | Content from the connected system, at customer's direction | USA / global | Provider DPA / SCCs |
| Zendesk | Data source integration | Content from the connected system, at customer's direction | USA / global | Provider DPA / SCCs |
| Asana | Data source integration | Content from the connected system, at customer's direction | USA / global | Provider DPA / SCCs |
| Monday.com | Data source integration | Content from the connected system, at customer's direction | USA / global | Provider DPA / SCCs |
| Zoom | Data source integration | Content from the connected system, at customer's direction | USA / global | Provider DPA / SCCs |
| Loom | Data source integration | Content from the connected system, at customer's direction | USA / global | Provider DPA / SCCs |
Questions
For questions about our subprocessors or to request a Data Processing Agreement, contact privacy@stratenocon.com.