Sub-Processors
Last updated: March 15, 2026
Skode Technologies ("Skode," "we," "us," or "our") engages the following third-party sub-processors to assist in providing our Services. Each sub-processor is bound by a data processing agreement that requires them to process personal data in accordance with applicable data protection laws and our Data Processing Agreement.
This page is maintained in accordance with our obligation to provide transparency about the third parties that process data on behalf of our customers. We update this list when we add or remove sub-processors.
1. Cloud Infrastructure and Hosting
| Sub-Processor | Purpose | Data Processed | Location |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure, database hosting, file storage, content delivery | All customer data, application data, file uploads | United States, EU (Frankfurt) |
| Google Cloud Platform (GCP) | AI/ML services, cloud functions, analytics processing | CRM data for AI processing, analytics data | United States |
| Cloudflare | CDN, DDoS protection, DNS, web application firewall | IP addresses, request metadata, cached content | Global (edge network) |
| Vercel | Website hosting, serverless functions, edge deployment | Website traffic data, server-side request logs | United States, Global (edge) |
2. AI and Machine Learning
| Sub-Processor | Purpose | Data Processed | Location |
|---|---|---|---|
| OpenAI | Voice transcription (Whisper API), AI-powered CRM features (GPT-4o-mini), natural language processing | Voice recordings (transient, not stored), CRM text data for analysis, user prompts | United States |
Note: OpenAI processes data under a zero-data-retention API agreement. Data sent to OpenAI is not used for model training and is not retained after processing is complete.
3. Payment Processing
| Sub-Processor | Purpose | Data Processed | Location |
|---|---|---|---|
| Stripe | Payment processing, subscription billing, invoicing, fraud detection | Billing name, email, payment method details, transaction history, billing address | United States |
Note: Stripe is PCI DSS Level 1 certified. Credit card numbers are processed and stored directly by Stripe and never touch Skode servers.
4. Email and Communication
| Sub-Processor | Purpose | Data Processed | Location |
|---|---|---|---|
| SendGrid (Twilio) | Transactional email delivery, email marketing, email analytics | Recipient email addresses, email content, delivery metadata | United States |
| Twilio | SMS messaging, voice calls, phone number provisioning | Phone numbers, SMS content, call metadata | United States |
5. Messaging Platforms
| Sub-Processor | Purpose | Data Processed | Location |
|---|---|---|---|
| Meta (WhatsApp Business API) | WhatsApp messaging, template messages, media delivery | Phone numbers, message content, media files, delivery status | United States, EU |
| Meta (Instagram Messaging API) | Instagram Direct messaging, automated responses | Instagram user IDs, message content, media files | United States |
| Meta (Facebook Messenger API) | Facebook Page messaging, comment management | Page-scoped user IDs, message content, media files, engagement data | United States |
| TikTok (Business API) | TikTok lead generation, business messaging, conversion tracking | Lead form data, business account info, message content, conversion events | United States |
| LinkedIn (Marketing API) | Lead Gen Forms, Page messaging, profile data | Lead form responses, Page messages, authenticated member profiles | United States |
| Snap Inc. (Snap Kit & Marketing API) | Authentication (Login Kit), conversion tracking (CAPI), ad management | Display name, Bitmoji, external ID, hashed conversion events | United States |
| Telegram (Bot API) | Telegram bot messaging, conversation management | User IDs, usernames, message content, media files, chat metadata | Global (Telegram infrastructure) |
6. Analytics and Monitoring
| Sub-Processor | Purpose | Data Processed | Location |
|---|---|---|---|
| Google Analytics | Website analytics, traffic analysis, user behavior tracking | IP addresses (anonymized), page views, session data, device information | United States |
| PostHog | Product analytics, session recording, feature flags | User interactions, session recordings, feature usage data | United States, EU |
| Sentry | Error tracking, performance monitoring, application debugging | Error logs, stack traces, user context (anonymized), performance metrics | United States |
7. Authentication and Security
| Sub-Processor | Purpose | Data Processed | Location |
|---|---|---|---|
| Google (OAuth) | Single sign-on authentication, Google Workspace integration | Email address, name, profile picture (as authorized by user) | United States |
8. Customer Support
| Sub-Processor | Purpose | Data Processed | Location |
|---|---|---|---|
| Intercom | In-app messaging, customer support chat, help center | Name, email, conversation content, user attributes | United States |
9. Notification of Changes
We will notify customers of any changes to this sub-processor list at least 30 days before engaging a new sub-processor or changing the role of an existing one. Notifications are sent via email to the account administrator.
If you object to a new sub-processor, you may notify us within 30 days of the notification. We will work with you to address your concerns. If we cannot resolve the objection, you may terminate the affected Services in accordance with our Data Processing Agreement.
10. Data Processing Safeguards
All sub-processors are required to:
- Enter into a data processing agreement with Skode that imposes data protection obligations no less protective than those in our DPA.
- Implement appropriate technical and organizational security measures.
- Process personal data only as instructed by Skode and only for the purposes described above.
- Delete or return personal data upon termination of the sub-processing agreement.
- Submit to audits and inspections as required by applicable data protection laws.
11. International Data Transfers
Where sub-processors are located outside the European Economic Area (EEA) or other jurisdictions with data transfer restrictions, we ensure appropriate transfer mechanisms are in place, including EU Standard Contractual Clauses (SCCs) and UK International Data Transfer Agreements. For more information, see our Data Processing Agreement.
12. Contact Us
For questions about our sub-processors or data processing practices:
- Email: privacy@skodeai.com
- DPA: View our Data Processing Agreement
- Privacy Policy: View our Privacy Policy