Sub-processors
Last Updated: June 2026
To deliver AssistDesk, we rely on a small number of third-party companies ("sub-processors") that process personal data on our behalf. We hold a data-processing agreement with each one, and they may use the data only to provide their service to us. This page lists our current sub-processors and is part of our commitment under the GDPR, UK GDPR, and the CCPA/CPRA.
The one to know about: the content of your support tickets — including any text extracted from screenshots you upload — is sent to a third-party AI provider in the United States to generate Cait's replies. We do not use any advertising or third-party analytics trackers.
Current sub-processors
| Sub-processor | Purpose | Data processed | Location |
|---|---|---|---|
| Cloudflare, Inc. | Hosting, database, edge compute, and email routing | All application data (account, tickets, messages, logs) | United States / global edge |
| Third-party AI provider | Provides the AI model that powers Cait's responses | Ticket content and text/descriptions extracted from uploaded images | United States |
| Postmark (ActiveCampaign) | Transactional and support email delivery | Recipient email address and message content | United States |
| Stripe, Inc. | Subscription billing and payment processing | Billing identity and payment details | United States / global |
| Microsoft Corporation | Optional OAuth sign-in (only if you use it) | Authentication profile (name, email, directory ID) | United States / global |
We name our infrastructure, billing, email, and authentication providers above. The specific vendor behind our AI processing is treated as confidential business information; a complete list naming every individual sub-processor, including the AI provider, is available to our customers and prospective customers under our Data Processing Agreement — contact [email protected] to request it.
International transfers
Several sub-processors above operate in the United States. If you access AssistDesk from the European Economic Area, the United Kingdom, or Switzerland, your personal data may be transferred there. For those transfers we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum. See our Privacy Policy for details.
Changes to this list
We update this page whenever we add or remove a sub-processor. Enterprise customers with a Data Processing Agreement may subscribe to advance notice of new sub-processors as described in that agreement, and may object to a new sub-processor on reasonable data-protection grounds.
Contact
Questions about our sub-processors or data practices? Contact our privacy team at [email protected].