Skip to content

Sub-processors

Every third party that processes customer data on Denpex's behalf. We give 30 days' notice of changes via email and the changelog RSS feed.

Cloudflare
Hosting, edge network, KV, D1, Workers, R2
Global edge (data stored in your selected region)
SOC 2 Type II, ISO 27001, PCI DSS
Stripe
Payment processing and subscription management
US, EU (by customer selection)
PCI DSS Level 1, SOC 2 Type II, ISO 27001
SendGrid (Twilio)
Transactional email (signups, alerts, contact replies)
US, EU (region selectable)
SOC 2 Type II, ISO 27001, HIPAA-eligible
LLMZONE / LLM Provider
AI-powered log analysis and failure diagnosis (training logs may contain hostnames, paths, and environment details)
US, EU (provider-dependent)
SOC 2 Type II (provider-dependent)
PostHog
Product analytics (opt-in via cookie consent)
US, EU
SOC 2 Type II
GitHub
Source code hosting, CI/CD, issue tracking
US (data in your selected region)
SOC 2 Type II, ISO 27001
Slack (optional)
Alert delivery when customer configures Slack as a channel
US
SOC 2 Type II, ISO 27001, FedRAMP Moderate
PagerDuty (optional)
Incident routing when customer configures PagerDuty as a channel
US, EU
SOC 2 Type II, ISO 27001, HIPAA
Twilio (optional)
SMS / iMessage alert delivery when customer configures it
US, EU
SOC 2 Type II, ISO 27001, HIPAA-eligible
Certifications listed are each sub-processor's own attestations (vendor-attested), not Denpex certifications.
We give 30 days' notice before adding a new sub-processor via email and the changelog RSS feed. Customers may object in writing; if we cannot resolve the concern you may terminate the affected services for a pro-rated refund.