collab.spaceDocumentation
Overview
Apps
Core
Trust
Legal

Subprocessors

Third-party services that help us deliver collab.space.

We carefully select and monitor all subprocessors that process customer data. Each subprocessor undergoes security review and is bound by data processing agreements that meet GDPR and other regulatory requirements.

Current Subprocessors

Infrastructure & Hosting

SubprocessorPurposeLocation
ConvexBackend database and real-time infrastructureUnited States
VercelApplication hosting and CDNGlobal (Edge)
CloudflareDDoS protection and securityGlobal

Authentication & Security

SubprocessorPurposeLocation
Cloudflare TurnstileBot protection and CAPTCHAGlobal

Communication

SubprocessorPurposeLocation
ResendTransactional email deliveryUnited States
100msVideo conferencing infrastructureGlobal

Payments

SubprocessorPurposeLocation
StripePayment processing and billingUnited States

Analytics & Monitoring

SubprocessorPurposeLocation
Google AnalyticsUsage analytics and performance monitoringUnited States

AI & Machine Learning

SubprocessorPurposeLocation
OpenAIAI assistant and semantic search capabilitiesUnited States
UnstructuredDocument parsing and text extractionUnited States
Attendee Labs, IncMeeting transcriptionUnited States

Scheduling

SubprocessorPurposeLocation
Cal.comDemo booking and scheduling embedUnited States

Subprocessor Requirements

All subprocessors must meet these requirements:

RequirementDescription
Security AssessmentComprehensive security review before onboarding
Data Processing AgreementBinding DPA with GDPR-compliant terms
SOC 2 or ISO27001Independent security certification
EncryptionData encrypted in transit and at rest
Access ControlsPrinciple of least privilege
Incident ResponseDefined breach notification procedures
Regular ReviewAnnual review of security posture

Data Processing Locations

RegionAvailableSubprocessors
United StatesDefaultAll subprocessors
European UnionOn RequestSelected subprocessors with EU presence
AustraliaOn RequestSelected subprocessors with AU presence

Change Notifications

We provide advance notice of subprocessor changes:

Change TypeNotice Period
New Subprocessor30 days
Material Change30 days
RemovalImmediate notification

Subscribe to Updates

To receive subprocessor change notifications:

MethodDetails
EmailSubscribe at [email protected]
RSS FeedAvailable in your workspace settings
In-AppNotifications for workspace admins

Customer Objections

If you object to a new subprocessor:

StepAction
1Submit objection within 30 days of notification
2We'll work to address your concerns
3If concerns cannot be resolved, termination rights apply

Due Diligence

Our subprocessor evaluation includes:

AreaAssessment
Security CertificationsSOC 2, ISO 27001, or equivalent
Privacy PracticesGDPR compliance, DPA terms
Financial StabilityBusiness viability assessment
Incident HistoryReview of past security incidents
Technical ControlsArchitecture and security review
Contract TermsLiability, indemnification, termination

Frequently Asked Questions

QuestionAnswer
Can I opt out of specific subprocessors?Some subprocessors are essential for service delivery. Contact us to discuss alternatives.
Do subprocessors access my content?Access is limited to what's necessary for service delivery. Most processing is automated.
How often is this list updated?We update this page whenever subprocessors change. Last updated: January 2025.
Can I get subprocessor audit reports?SOC 2 reports for key subprocessors are available under NDA.

Contact

InquiryContact
Subprocessor Questions[email protected]
Change NotificationsSubscribe at [email protected]
Objections[email protected]