Sub-processors
When Crossdeck processes personal data on behalf of our customers under the Data Processing Addendum, we engage a fixed list of third-party sub-processors who handle parts of that processing. The complete list below is updated with at least thirty (30) calendar days' advance notice before any addition or material change. Customers may subscribe to the change-notification feed and object to a new sub-processor under the DPA's right-to-object procedure (DPA §4.3).
Subscribe to changes
New sub-processors and material changes to existing sub-processor relationships are announced at least 30 days in advance. Customers who want to be notified should subscribe at [email protected] with subject "Subscribe to sub-processor notifications" — the registered notification address on the Customer's primary admin account is automatically included unless you opt out. Each notification will name the proposed sub-processor, the processing purpose, the data categories affected, the data residency, and a link to the proposed sub-processor's DPA. The 30-day window for customer objections runs from the date of the notification.
Active sub-processors
On the Effective Date, the following sub-processors are engaged under signed Data Processing Agreements that incorporate the EU Standard Contractual Clauses (June 2021), the UK IDTA (where UK data flows), and the Swiss FDPIC adaptation (where Swiss data flows). For each sub-processor, the data residency named below reflects the region we have requested and verified at engagement; sub-processors may operate global infrastructure for redundancy, and a change of the contractually-committed region triggers the 30-day advance-notice procedure.
| Sub-processor | Processing purpose | Personal data categories | Data residency | Their DPA |
|---|---|---|---|---|
|
Google LLC (United States) Operating subsidiary: Google Ireland Ltd, Dublin (EU/UK) |
Hosting, storage, identity (Firebase Authentication, Firestore, Cloud Storage, Cloud Functions, Cloud Run, App Hosting). Crossdeck's primary infrastructure platform. | All categories of Customer Personal Data described in DPA Annex A; account data; SDK diagnostic telemetry envelope. |
us-central1 (Council Bluffs, Iowa, US) for the production tenant. Multi-region disaster-recovery snapshots in nam5 (US multi-region).
|
Google Cloud DPA (incorporates EU SCCs + UK IDTA). |
|
ClickHouse, Inc. (United States) ClickHouse Cloud |
Analytical aggregation of event data — time-series queries, funnels, retention cohorts, custom-event breakdowns. Customer-side dashboard queries route through ClickHouse for read performance. | Aggregate event data with anonymised customer identifiers; no email or free-form PII (PII scrubbed at SDK level before ingestion). |
AWS us-east-2 (Ohio, US).
|
ClickHouse Cloud DPA (incorporates EU SCCs). |
| Resend Inc. (United States) | Transactional email delivery — welcome emails, password resets, account-management notifications, alert-rule notifications, sub-processor change announcements. | Customer admin email addresses; email subject lines and bodies (transactional only — never marketing). |
us-east-1 (N. Virginia, US).
|
Resend DPA (incorporates EU SCCs). |
| Stripe Inc. / Stripe Payments Europe Ltd (Ireland for EU; United States for US) | Billing and payment processing for Crossdeck's own subscription fees (the Customer paying us); tax calculation; invoice issuance. Stripe is an independent controller for card-data PCI scope and our processor for invoice + tax records. | Customer billing contact (name, email, billing address, tax ID); payment-method last-4 digits and brand (the full PAN never reaches Crossdeck — Stripe Elements tokenizes in the browser). |
EU customers: Ireland. US customers: us-east-1 + Stripe-managed global infrastructure.
|
Stripe DPA (incorporates EU SCCs + UK IDTA). |
| Cloudflare, Inc. (United States) | Edge content delivery for cross-deck.com (marketing site, documentation, blog). Performance + DDoS mitigation. Cloudflare does not process Personal Data from the SDK API path. | IP addresses and User-Agents of visitors to cross-deck.com (for caching and security). No persistence beyond Cloudflare's edge logs (configured to discard within 7 days for our zone). | Global edge — visitor's nearest PoP. | Cloudflare DPA (incorporates EU SCCs + UK IDTA). |
| GitHub, Inc. (a Microsoft subsidiary, United States) | Source code hosting; the publicly-mirrored SDK repositories that customers consume via SwiftPM, npm, and Maven. Does not process Customer Personal Data. | None (relevant to this list) — used for SDK distribution only. |
us-east-* + GitHub-managed global CDN.
|
GitHub DPA (incorporates EU SCCs). |
AI / LLM vendors — opt-in only
We do not silently route Customer Personal Data through third-party language-model vendors. Where Customer Personal Data is sent to an LLM provider, that processing is gated by a per-feature opt-in in the Customer dashboard. When (and only when) a Customer opts in, the following sub-processors are engaged for the corresponding feature:
| Sub-processor | Triggering feature | Data shared | Their DPA |
|---|---|---|---|
| Anthropic PBC (United States) | "Natural-language alert rule" composer — Customer types a rule in plain English; Crossdeck calls Claude to translate to the alert-rule DSL. | The Customer's natural-language input; the event-schema keys for the project (no values, no end-user records). | Anthropic Commercial Terms + DPA. |
| OpenAI, L.L.C. (United States) | Same feature, vendor-fallback path when Anthropic is unavailable. Customer-configurable. | As above. | OpenAI DPA. |
Both vendors operate on no-training contractual terms for API traffic; neither vendor uses Customer-provided content to train their models.
Ancillary service providers (not sub-processors)
The following service providers are part of Crossdeck's operations but do not Process Customer Personal Data and are therefore not sub-processors under the DPA. They are listed for transparency.
- Google Workspace — Crossdeck's internal email and document collaboration. No Customer Personal Data is stored or transmitted here.
- Linear — Crossdeck's internal issue tracker. No Customer Personal Data is logged.
- Slack — Crossdeck's internal communications. No Customer Personal Data is logged. Customer support conversations are routed through a separate Resend mailbox, not Slack.
- 1Password — Crossdeck's internal secret management. Holds API keys and infrastructure credentials; no Customer Personal Data.
Change history
Material changes to this list are tracked in the public
repository's
commit history under legal/sub-processors/. The
initial publication on the Effective Date is v1.0.
Contact
Questions or objections to a proposed sub-processor: [email protected]. See DPA §4 for the formal right-to-object procedure.