Subprocessors
Our authorized data processing partners
SubJolt Subprocessors
Last Updated: February 22, 2026
As part of our commitment to transparency and GDPR compliance, SubJolt maintains this list of authorized subprocessors who may have access to customer data in the course of providing our services.
All subprocessors are contractually bound to protect customer data and maintain appropriate security measures. We conduct regular reviews of our subprocessors to ensure continued compliance with data protection standards.
Authorized Subprocessors
| Subprocessor | Purpose | Data Processed | Location | Privacy Policy |
|---|---|---|---|---|
| Neon (Database) | Database Storage | Account data, event logs, configurations, credentials | US | View Policy |
| Neon Auth | Authentication | User email, password hashes, session tokens | US | View Policy |
| Stripe | Payment Processing, Subscription Management | Payment/billing info, subscription data, customer IDs | US/EU | View Policy |
| Shopify | Subscription Management | Subscription contracts, customer IDs, shop domains | US/CA | View Policy |
| Chargebee | Subscription Management | Subscription data, customer IDs | US/EU | View Policy |
| Vercel | Hosting, CDN, Serverless Functions | Site traffic logs, API request metadata, performance data | US/EU | View Policy |
| Sentry | Error Monitoring | Error logs, performance metrics, request context | US | View Policy |
| Google Analytics | Website Analytics | Anonymized usage data, traffic patterns | US/EU | View Policy |
| HubSpot | CRM, Form Handling | Form submissions, email addresses, tracking data | US/EU | View Policy |
| Resend | Email Delivery | Email addresses, delivery logs | US | View Policy |
Data Transfer Safeguards
- EU Data Transfers: For transfers to the U.S., we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission (Commission Implementing Decision (EU) 2021/914).
- UK Data Transfers: For transfers from the UK, we additionally rely on the UK International Data Transfer Addendum (IDTA).
- Security Requirements: All subprocessors must implement appropriate technical and organizational measures to protect personal data.
- Access Controls: Subprocessors only have access to data necessary for their specific function.
- Data Retention: Subprocessors are contractually required to delete or return data upon termination of services.
Updates to This List
When we add or replace a subprocessor that may have access to personal data, we will:
- Update this page at least 30 days before the new subprocessor begins processing personal data.
- Send an email notification to the registered email address of affected customers.
- Allow customers 15 days from receiving notice to raise a reasonable objection to the new subprocessor. If an objection cannot be resolved, the customer may terminate the affected service without penalty.
See our Data Processing Addendum (Section 6) for full details on subprocessor management.
Questions about Our Subprocessors?
For questions about our data processing partners or data transfers, contact: privacy@subjolt.com