Subprocessors
Last updated: May 1, 2026
SignalStack uses select third-party subprocessors to assist in providing the Service. This page lists the current subprocessors, their purpose, and the location where they process data. We update this list as our subprocessors change.
In accordance with our GDPR compliance framework, we conduct due diligence on all subprocessors and contractually require them to meet data protection standards equivalent to our own. Customers are notified at least 30 days before a new subprocessor is engaged. Enterprise customers may object to new subprocessors within 14 days of notification.
Current Subprocessors
| Name | Purpose | Data Processing Location | Service Category |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure provider — compute, storage, database, and networking | United States, EU (Frankfurt), APAC (Sydney) | Infrastructure |
| Google Cloud Platform (GCP) | Cloud infrastructure — secondary compute, machine learning model serving, and data analytics | United States, EU (Frankfurt) | Infrastructure |
| Stripe, Inc. | Payment processing, subscription management, billing | United States | Financial |
| Plausible Analytics | Privacy-friendly website and product analytics | EU (Germany) | Analytics |
| PostHog, Inc. | Product analytics, feature flags, and session recording (opt-in) | United States, EU (Germany) | Analytics |
| Datadog, Inc. | Infrastructure monitoring, application performance monitoring, and log management | United States | Monitoring |
| Linear SAS | Issue tracking, product management, and development workflow | United States | Development |
| GitHub, Inc. | Source code hosting, CI/CD, and package registry | United States | Development |
| Notion Labs, Inc. | Internal documentation, knowledge base, and collaboration | United States, EU (Ireland) | Productivity |
| Slack Technologies, LLC | Internal communication and customer support collaboration | United States | Communication |
| Intercom, Inc. | Customer support ticketing, live chat, and user engagement messaging | United States | Support |
| SendGrid (Twilio Inc.) | Transactional email delivery (password resets, billing notifications, security alerts) | United States | Communication |
Due Diligence Process
Before engaging a subprocessor, SignalStack performs a risk assessment that includes:
- Review of the subprocessor's security certifications (SOC 2, ISO 27001, etc.).
- Evaluation of data protection policies and practices.
- Review of data breach history and incident response capabilities.
- Contractual commitments to data protection standards equivalent to our own.
- Where applicable, review of Standard Contractual Clauses or other transfer mechanisms.
Notification Process
We notify customers of new subprocessors through the following channels:
- Email notification to account administrators — no less than 30 days before the engagement date.
- Update to this page — updated within 5 business days of changing a subprocessor.
- In-app notification in the SignalStack dashboard.
Enterprise customers have the right to object to a new subprocessor within 14 days of notification. If we cannot accommodate a reasonable objection, the customer may terminate the affected service component without penalty.
Contact
For questions about our subprocessors:
- Email: privacy@signal-stack-ten.vercel.app
SignalStack, Inc.
548 Market St, Suite 98989
San Francisco, CA 94104
United States