Sub-processors
Every third party that processes customer data on Denpex's behalf. We give 30 days' notice of changes via email and the changelog RSS feed.
Sub-processor
Purpose
Data region
Vendor-attested certifications
Cloudflare
Hosting, edge network, KV, D1, Workers, R2
Global edge (data stored in your selected region)
SOC 2 Type II, ISO 27001, PCI DSS
Stripe
Payment processing and subscription management
US, EU (by customer selection)
PCI DSS Level 1, SOC 2 Type II, ISO 27001
SendGrid (Twilio)
Transactional email (signups, alerts, contact replies)
US, EU (region selectable)
SOC 2 Type II, ISO 27001, HIPAA-eligible
LLMZONE / LLM Provider
AI-powered log analysis and failure diagnosis (training logs may contain hostnames, paths, and environment details)
US, EU (provider-dependent)
SOC 2 Type II (provider-dependent)
PostHog
Product analytics (opt-in via cookie consent)
US, EU
SOC 2 Type II
GitHub
Source code hosting, CI/CD, issue tracking
US (data in your selected region)
SOC 2 Type II, ISO 27001
Slack (optional)
Alert delivery when customer configures Slack as a channel
US
SOC 2 Type II, ISO 27001, FedRAMP Moderate
PagerDuty (optional)
Incident routing when customer configures PagerDuty as a channel
US, EU
SOC 2 Type II, ISO 27001, HIPAA
Twilio (optional)
SMS / iMessage alert delivery when customer configures it
US, EU
SOC 2 Type II, ISO 27001, HIPAA-eligible
Certifications listed are each sub-processor's own attestations (vendor-attested), not Denpex certifications.
We give 30 days' notice before adding a new sub-processor via email and the changelog RSS feed. Customers may object in writing; if we cannot resolve the concern you may terminate the affected services for a pro-rated refund.