Sub-processors

Last updated 2026-04-30 · Notified thirty days in advance of changes

This document is a placeholder pending final legal review. The list itself is current; the surrounding text will be finalised at review completion.

Wrendex engages the following sub-processors to deliver the Service. Each entry lists the processing purpose, the type of data the sub-processor sees, and the region where the data is processed. We notify customers thirty days before adding a new sub-processor.

Active sub-processors

Stripe, Inc.

Purpose: subscription billing, payment processing.
Data accessed: billing contact name + email, payment method, billing address.
Region: United States.
Reference: stripe.com/privacy

Amazon Web Services, Inc. (AWS)

Purpose: cloud hosting, compute, storage, KMS-managed encryption.
Data accessed: all customer data at rest in our production database, blob storage, and logs.
Region: us-east-1 today; eu-west-1 region scheduled for Q3 2026.
Reference: aws.amazon.com/privacy

MongoDB Atlas (MongoDB, Inc.)

Purpose: managed production data store for crawl results, audit metadata, account data.
Data accessed: all customer crawl + account data.
Region: AWS us-east-1 (matching Wrendex’s production region).
Reference: mongodb.com/legal/privacy-policy

Postmark (ActiveCampaign)

Purpose: transactional email delivery (audit alerts, password resets, billing receipts).
Data accessed: recipient email address, the body of the email being sent.
Region: United States.
Reference: postmarkapp.com/privacy-policy

Sentry (Functional Software, Inc.)

Purpose: server- and client-side error monitoring.
Data accessed: error stack traces, request metadata, user identifier (where set).
Region: United States; EU residency available on request.
Reference: sentry.io/privacy

Optional, customer-configured

The following are integrations the customer chooses to enable. Wrendex acts as a data exporter only when configured.

Slack: alert delivery to the customer’s Slack workspace; data exposed is the alert body the customer composed.
Microsoft Teams: alert delivery via incoming webhook; data exposed is the alert body the customer composed.
PagerDuty: severity-mapped paging; data exposed is the alert title and severity.
Customer-provided webhooks: outbound HTTPS webhooks to URLs the customer configures.

Notifications & objections

We notify customers of new sub-processors at least thirty days in advance. Customers with reasonable grounds for objection may raise them via /contact. If we cannot satisfy the objection, the customer may terminate the affected service.