Sub-processors
Privacy Automated LLC
Last updated: June 4, 2026
To deliver the Privacy Automated platform we engage a small number of third-party service providers ("Sub-processors") that may Process Customer Personal Data on our behalf. The list below is current and authoritative; we update it before introducing a new Sub-processor (see our Data Processing Addendum, Section 4).
If you would like to be notified by email when this list changes, send a message to info@privacyautomated.ai with the subject "Sub-processor notifications" from a monitored account at your organization and we will add you to the notification list.
Core platform
Required to operate the Services. Disabling any of these is not currently possible without terminating the subscription.
| Sub-processor | Purpose | Data processed | Location |
|---|---|---|---|
| Hetzner Online GmbH (Hetzner Cloud) hetzner.com |
Application and database hosting (compute, storage, networking, physical security) for the Privacy Automated platform. | All Customer Personal Data submitted to or generated within the Services. | European Union · Falkenstein, Germany |
| Anthropic, PBC anthropic.com |
Large-language-model inference and verification (Claude) for AI features — Q&A drafting, DPIA / PIA generation, DSAR classification, vendor research. | Content of questions, document excerpts retrieved by the Services, and metadata necessary to formulate the prompt. Submissions are not used by Anthropic to train models on inputs by default per their Commercial Terms. | United States |
| Clerk, Inc. clerk.com |
Identity, authentication, and organization management (sign-in, SSO, MFA, workspace membership). | User account information (name, email, authentication factors); organization metadata. Clerk holds SOC 2 Type II. | United States |
| Stripe, Inc. stripe.com |
Billing, subscription management, payment processing (Managed Payments). | Workspace billing contact, plan, payment method tokens (Stripe is the controller of cardholder data; Privacy Automated never sees full card numbers). PCI DSS Level 1. | United States |
| Postmark (ActiveCampaign LLC) postmarkapp.com |
Transactional email delivery (escalation notifications, DSAR routing emails, customer ack messages) and inbound email parsing for the privacy-inbox feature. | Email subjects, bodies, attachments, sender / recipient addresses, delivery metadata. | United States |
| Backblaze, Inc. backblaze.com |
Off-site, encrypted, geographically separated backup storage for the application database. | Encrypted snapshots of the application database. Backups are AES-256 encrypted before upload. | United States · US-East |
| Healthchecks.io (Monkey See Monkey Do, s.r.o.) healthchecks.io |
Dead-man's-switch monitoring of scheduled jobs (backup pipeline, daily expiry tasks). Alerts on failure. | Check identifiers, check status (success / failure timestamps), and the alert recipient address. No Customer Personal Data. | European Union |
| Sentry (Functional Software, Inc.) sentry.io |
Application error monitoring — captures stack traces and request context when the API or web app encounters an unhandled error. | Error messages, stack traces, sanitized request metadata (user id, workspace id, route). PII scrubbing rules drop email addresses and free-text bodies from event payloads. | European Union · Sentry EU region (Frankfurt, Germany) |
Optional / Customer-controlled
Engaged only if Customer explicitly enables the corresponding feature; not used by default.
| Sub-processor | Purpose | Data processed | Location |
|---|---|---|---|
| Slack Technologies, LLC slack.com |
Engaged only when a workspace installs the Slack integration. Routes inbound privacy questions and DSAR receipts from the customer’s Slack workspace into the Privacy Automated inbox, and posts answers / status updates back to a Slack channel the customer nominates. | Message content and metadata exchanged in the connected channel(s); Slack user identifiers of askers and reviewers; channel and team identifiers. Slack holds SOC 2 Type II and ISO/IEC 27001. | United States |
Affiliates
Privacy Automated LLC does not currently have any corporate affiliates that Process Customer Personal Data.
Notification of changes
We will update this page at least fifteen (15) days before engaging a new Sub-processor that would Process Customer Personal Data. If you have subscribed to notifications (see top of page), we will also send an email. Customers may object on reasonable data-protection grounds per Section 4.4 of the DPA.
Questions or notification subscription requests: info@privacyautomated.ai.