Sub-processors
Last updated: May 10, 2026
This page lists the third parties that may process Customer Personal Data on behalf of SalesSynq under the Data Processing Agreement. We notify Customers of any intended addition or replacement of an active Sub-processor at least 30 days in advance, by email to the Customer's administrative contact and by updating this page. To subscribe to change notifications, email privacy@salesynq.com.
How to read this page.
- Active sub-processors are in production use today.
- Conditional sub-processors run only on the marketing site and only after cookie consent.
- Available but not enabled by default are integrated in code as alternatives but are NOT engaged for production tenants. They will be moved to the Active list (with notice) before any production engagement.
Active Sub-processors
1. Infrastructure
Hosting, compute, storage and core platform services. Personal Data is stored at rest in this layer.
| Sub-processor | Purpose | Location of processing | Category of data | Certifications |
|---|---|---|---|---|
| Hetzner Online GmbH | Compute, block storage and networking for the SalesSynq application; self-managed PostgreSQL runs on Hetzner volumes. Hetzner Cloud volumes are encrypted at rest by Hetzner. | Hetzner Cloud, Helsinki (HEL1) by default for EEA tenants; alternative Hetzner locations (Falkenstein FSN1, Nuremberg NBG1) available on request. | All Customer Data at rest. | ISO/IEC 27001 (Hetzner Online GmbH); ISAE 3402 Type II for parts of the operation; EU Cloud Code of Conduct adherence declared. |
| Let's Encrypt (Internet Security Research Group) | Issuance and renewal of public TLS certificates. | United States (issuance authority); certificates are public artefacts. | No Customer Personal Data is transferred. | — |
2. AI / LLM inference
LLM providers used for semantic enrichment of free-text in Customer Data. Common PII categories (emails, phone numbers, IBANs, payment cards, IP addresses) are redacted before any prompt leaves SalesSynq. Customer Data is never used to train any model. Each call sets the OpenAI `user` field to an opaque, per-tenant identifier so the provider's abuse-monitoring stays per-tenant rather than co-mingled. The provider protocol enforces this: in production, attempting to invoke the LLM without tenant context fails closed.
| Sub-processor | Purpose | Location of processing | Category of data | Certifications |
|---|---|---|---|---|
| OpenAI, L.L.C. | Default LLM for semantic enrichment of message text into structured signals. We are applying for OpenAI Zero-Data-Retention; the org-level "do not use my data for training" toggle is the operational control. | United States, via api.openai.com. | Free-text content from messages and CRM activities, with PII redacted upstream of every call. | SOC 2 Type 2; ISO/IEC 27001; CCPA. |
| Microsoft Ireland Operations Limited | Azure OpenAI Service. Engaged only when LLM_REGION=eu is configured for an EU-pinned deployment. Azure OpenAI is operated by Microsoft, not by OpenAI; Customer Data does not pass to OpenAI when this path is in use. | EU regions (Sweden Central or France Central) when configured. | Same redacted prompt as the OpenAI entry above. | SOC 1/2/3; ISO/IEC 27001/27017/27018; HDS; C5; EU Data Boundary commitment. |
3. Operational and observability
Services used to operate the Service securely, bill Customers, and respond to incidents.
| Sub-processor | Purpose | Location of processing | Category of data | Certifications |
|---|---|---|---|---|
| Sentry (Functional Software, Inc.) | Error and exception tracking for the application. | United States (sentry.io). PII filtering enabled in our SDK configuration; "Send Default PII" is OFF. | Stack traces, request metadata, error fingerprints; not Customer Data by design. | SOC 2 Type 2; ISO/IEC 27001. |
| Stripe, Inc. | Billing, subscription management and payment processing. | United States and Ireland (Stripe Payments Europe Ltd. for EEA Customers). | Customer billing-contact identifiers and payment metadata. Card numbers do not transit SalesSynq. | PCI DSS Service Provider Level 1; SOC 1/2; ISO/IEC 27001. |
Conditional Sub-processors
4. Marketing-site analytics (cookie-consent gated)
These services run only on the public marketing site and only after the visitor has accepted analytics cookies via the consent banner. They are not loaded inside the authenticated Service.
| Sub-processor | Purpose | Location of processing | Category of data | Certifications |
|---|---|---|---|---|
| Google Tag Manager / Google Analytics 4 (Google LLC) | Aggregate marketing-site visitor analytics on salesynq.com. | United States; Google LLC is a EU-US DPF participant. | Web visitor data: IP address (truncated), device and browser metadata, page views. Not Customer Data. | ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, SOC 2/3. |
Not engaged by default
5. Available but not enabled by default
These LLM providers are integrated in our codebase as alternatives or for redundancy, but are NOT enabled in the production environment by default. They will be added to the active list with at least 30 days' notice if a deployment uses them.
| Sub-processor | Purpose | Location of processing | Category of data | Certifications |
|---|---|---|---|---|
| Anthropic, PBC | Alternative LLM provider for semantic enrichment. | United States, via api.anthropic.com. EU-region access available through AWS Bedrock if Bedrock is enabled (would require AWS Inc. / AWS EMEA SARL to be added as additional sub-processors at that point). | Same redacted prompt as OpenAI. | SOC 2 Type 2; ISO/IEC 27001. |
| Mistral AI | Alternative LLM provider; EU-native. | France (Paris). | Same redacted prompt as OpenAI. | GDPR, EU AI Act-aligned. |
| Cohere Inc. | Alternative LLM provider; embeddings. | Canada / United States. | Same redacted prompt as OpenAI; embedding text for vector search. | SOC 2 Type 2. |
| OpenRouter (TheVintageGarageInc) | LLM provider proxy used during development. | United States. | Forwarded to whichever upstream model is selected. | — |
| DeepSeek | Alternative LLM provider integrated in code; not enabled for production tenants. | China (PRC) — Customer Data is not sent to DeepSeek for any production tenant. | Not in use for production tenants. | — |
The Customer's own integrations (HubSpot, Zoho, Outlook, Gmail, WhatsApp, Slack, Telegram and similar) are not Sub-processors of SalesSynq. They are upstream sources from which Customer authorises SalesSynq to read data on Customer's behalf, and they remain governed by Customer's direct relationship with each provider.
See also: Data Processing Agreement, Privacy Policy, Security, AI Disclosure.