SalesQL Subprocessors
This page lists the third-party providers ("Subprocessors") that SALESQL LTD ("SalesQL", "we", "us" or "our") engages to process personal data in connection with the Services.
Where SalesQL acts as a processor for Customer Personal Data, these providers are Subprocessors under the Data Processing Addendum. Where SalesQL acts as a controller (for example, for account, billing, website, support or privacy-request data), the providers are listed for transparency as service providers or processors engaged by SalesQL.
This page is referenced by the Privacy Policy and the Data Processing Addendum (DPA). Capitalised terms used here have the meanings given in those documents.
For information about how we obtain and maintain the SalesQL Profiles Database — the B2B contact data we provide as a controller — please see Section 3.4 of the Privacy Policy. The Profiles Database is not processed under the DPA; it is processed by SalesQL as a controller, and the Customer becomes an independent controller of any Profile Data it accesses.
#1. How to subscribe to changes
We will give Customers at least 30 days' prior notice of any new Subprocessor that will process Customer Personal Data, as set out in Section 6.3 of the DPA. To receive notifications, write to legal@salesql.com with the subject line "Subscribe — Subprocessors notifications".
You can also bookmark this page; the "Last updated" date at the top of the page reflects when it was last revised.
#2. Categories of Subprocessors
The following tables list the categories of Subprocessors and service providers we engage and the named vendors within each category. We expressly identify vendors that may touch Customer Personal Data or other personal data processed in connection with the Services; vendors that operate purely on aggregated, de-identified or internal business data are not listed on this public page.
#2.1 Cloud infrastructure, networking and realtime delivery
| Subprocessor | Entity | Location of processing | Purpose | Transfer safeguard |
|---|---|---|---|---|
| Amazon Web Services | Amazon Web Services EMEA SARL | European Union — primary region: eu-central-1 (Frankfurt, Germany); AWS global support and subprocessors where applicable | Production hosting, storage, backups, networking | N/A for primary intra-EEA processing; EU SCCs and UK IDTA where applicable |
| Cloudflare | Cloudflare, Inc. | Global edge network; United States for certain logs and support processing | DNS, CDN, WAF, DDoS protection, edge routing and security for website and application traffic | EU SCCs, UK IDTA Addendum, EU-U.S. Data Privacy Framework / UK Extension where applicable |
| DigitalOcean | DigitalOcean, LLC | European Union and United States, depending on the configured data-centre region | Supplemental cloud hosting, compute, storage and networking | EU SCCs, UK IDTA Addendum, EU-U.S. Data Privacy Framework / UK Extension where applicable |
| OVHcloud | OVH SAS | European Union — France/Germany or other configured OVHcloud regions | Supplemental hosting and network infrastructure | N/A for intra-EEA processing; EU SCCs / UK Addendum where applicable |
| Ably Realtime | Ably Realtime Ltd | United Kingdom; European Union, United States and other realtime network locations as configured | Realtime messaging, websocket infrastructure and in-app status/event delivery | UK adequacy for UK processing; EU SCCs / UK Addendum where applicable |
#2.2 Payment processing
| Subprocessor | Entity | Location of processing | Purpose | Transfer safeguard |
|---|---|---|---|---|
| Stripe | Stripe Payments Europe Ltd (Ireland) and Stripe, Inc. (United States) | Ireland (EU); United States | Subscription billing, invoicing, payment-method tokenisation. SalesQL does not store full card numbers. | EU SCCs, UK IDTA Addendum, EU-U.S. Data Privacy Framework / UK Extension where applicable |
#2.3 Product analytics, telemetry and diagnostics
| Subprocessor | Entity | Location of processing | Purpose | Transfer safeguard |
|---|---|---|---|---|
| Segment | Segment.io, Inc. / Twilio Inc. | United States; European Union where configured | Product-event telemetry pipeline from the SalesQL web application and browser extension (event names and high-level metadata; no message content of Campaigns is processed by Segment) | EU SCCs, UK IDTA Addendum, EU-U.S. Data Privacy Framework / UK Extension where applicable |
| Amplitude | Amplitude, Inc. | United States; European Union where configured | Product analytics, funnels, usage metrics and feature-performance reporting | EU SCCs, UK IDTA Addendum, EU-U.S. Data Privacy Framework / UK Extension where applicable |
| PostHog | PostHog Inc. | Germany (EU Cloud) or United States, depending on the selected PostHog Cloud hosting region | Product analytics, feature usage, event telemetry, funnels and session-level product diagnostics | EU SCCs, UK IDTA Addendum, EU-U.S. Data Privacy Framework / UK Extension where applicable |
| Sentry | Functional Software, Inc. d/b/a Sentry | United States; European Union region where configured | Error tracking, crash reporting, performance monitoring and diagnostic telemetry | EU SCCs, UK IDTA Addendum, EU-U.S. Data Privacy Framework / UK Extension where applicable |
| ipdata | ipdata LLC | United States | IP geolocation and IP-intelligence signals for localisation, security, fraud prevention and operational analytics | EU SCCs / UK Addendum where applicable |
#2.4 Email and notification delivery
We use third-party email and notification providers to deliver transactional and account-related communications (account verification, password reset, billing notices, security alerts), lifecycle communications and Customer-initiated outbound communications where the Services support those workflows.
| Subprocessor | Entity | Location of processing | Purpose | Transfer safeguard |
|---|---|---|---|---|
| Postmark | AC PM, LLC | United States | Transactional and application email delivery, including account, security, billing and service notifications | EU SCCs, UK IDTA Addendum, EU-U.S. Data Privacy Framework / UK Extension where applicable |
| Customer.io | Peaberry Software Inc. d/b/a Customer.io | United States; other Customer.io subprocessors where applicable | Lifecycle messaging, customer communications, email automation and related engagement analytics | EU SCCs, UK IDTA Addendum, EU-U.S. Data Privacy Framework / UK Extension where applicable |
#2.5 Customer support, feedback and public forms
| Subprocessor | Entity | Location of processing | Purpose | Transfer safeguard |
|---|---|---|---|---|
| Intercom | Intercom R&D Unlimited Company and Intercom, Inc. | Ireland; United States | Customer support chat, support communications, customer-success workflows and support-ticket context | EU SCCs, UK IDTA Addendum, EU-U.S. Data Privacy Framework / UK Extension where applicable |
| Zendesk | Zendesk International Limited and Zendesk, Inc. | Ireland; United States and other Zendesk Group processing locations | Helpdesk ticketing, support communications and customer-support operations | Binding Corporate Rules, EU SCCs, UK IDTA Addendum, EU-U.S. Data Privacy Framework / UK Extension where applicable |
| Canny | Canny Inc. | United States | Product feedback management, feature requests and public roadmap feedback submitted by users | EU SCCs / UK Addendum where applicable |
| Tally | Tally BV | European Union — Belgium; form data stored in Europe | Public forms, privacy request intake and other forms submitted through SalesQL-managed forms | N/A for intra-EEA processing; EU SCCs / UK Addendum where applicable |
#2.6 Website marketing operations
These providers process personal data in connection with SalesQL's public website, account acquisition and marketing operations. They are not used to process Customer-uploaded contact lists unless expressly stated in another category above.
| Subprocessor | Entity | Location of processing | Purpose | Transfer safeguard |
|---|---|---|---|---|
| Google Ads | Google Ireland Limited and Google LLC | Ireland (EU); United States and global Google processing locations | Conversion measurement, advertising attribution and remarketing for SalesQL website visitors, subject to cookie-consent controls where required | EU SCCs, UK IDTA Addendum, EU-U.S. Data Privacy Framework / UK Extension where applicable |
#2.7 AI features (LLM Provider)
The SalesQL AI Assistant (Privacy Policy Section 6.2) interacts with a third-party large language model only where the feature is enabled for a Customer workspace. The AI Assistant will not be enabled for any Customer workspace until the production LLM Provider has been confirmed, contracted under terms aligned with Article 28 UK/EU GDPR, and named on this page. SalesQL will require the LLM Provider not to use prompts, completions or routed workspace data to train its own foundation models.
#2.8 Customer support, productivity and security tooling
We use a small number of operational tools that may incidentally process Customer Personal Data (for example, when a Customer writes to support and quotes a contact's email address). These tools are subject to the same contractual safeguards as other Subprocessors. Standard SaaS productivity tooling used only for internal business operations, code collaboration, documentation, password management, finance, design, SEO, advertising administration or contractor payments is not listed on this public page unless it is separately listed in a named category above. The full internal vendor inventory is available to Customers under NDA on request to legal@salesql.com.
#3. Notes about Profile Data
The SalesQL Profiles Database (the B2B contact data we maintain as a controller) is not processed by Customers as Customer Personal Data; the Customer becomes an independent controller of any Profile Data it accesses (see Section 2.3 of the Privacy Policy and Section 6 of the Terms of Service). The Subprocessors listed on this page may, in the course of operating the Services, process Profile Data on SalesQL's instructions; in those cases SalesQL is acting as the controller and the same contractual safeguards apply.
#4. Contact
For questions about Subprocessors:
- Email — legal@salesql.com
- Postal — SALESQL LTD, 71-75 Shelton Street, London, WC2H 9JQ, United Kingdom
- EU and Swiss Representative — GDPR Local (intake portal: https://salesqlltd.gdprlocal.com/eu)