Sub-processor List
This page lists the third parties (“Sub-processors”) that this+that engages to provide the Service and that may process Customer Data on this+that’s behalf. We publish this list to satisfy the notice and objection rights in our Data Processing Addendum.
How sub-processors are selected
We use sub-processors only where they are necessary to provide the Service and where they meet our security and data-protection criteria. Every sub-processor that processes Customer Data is bound by a written agreement that imposes data protection obligations at least as protective as our DPA. None of our sub-processors are authorized to use Customer Data to train, fine-tune, or otherwise improve any machine learning or generative AI model.
How to be notified of changes
To receive email notification of changes to this list, email legal@thisandthat.chat with the subject “Sub-processor notifications” and the address you’d like notifications sent to. We give at least thirty (30) days’ notice before authorizing a new sub-processor that processes Customer Data, and customers may object as described in Section 6 of the DPA.
Current sub-processors
Infrastructure
| Sub-processor | Service provided | Data processed | Location of processing |
|---|---|---|---|
| Amazon Web Services, Inc. | Cloud hosting, compute, storage, databases, key management (KMS), email delivery, logging | All Customer Data, including the contents of mailboxes, messages, calendars, files, tasks, and brain pages | United States |
| Amazon Web Services, Inc. (Bedrock) | Managed AI inference service used to call foundation models | The portion of Customer Data sent to an AI model to fulfill a feature (for example, a message being summarized, drafted, or classified) | United States |
| Anthropic, PBC | Foundation model inference, accessed exclusively through Amazon Bedrock under Bedrock terms that prohibit training on customer inputs and outputs | The portion of Customer Data passed to the Anthropic model for the duration of the request | United States |
Platform services
| Sub-processor | Service provided | Data processed | Location of processing |
|---|---|---|---|
| Clerk, Inc. | User authentication, session management, multi-factor authentication | Authentication identifiers (email, name, hashed credentials), session tokens, IP addresses | United States |
| Stripe, Inc. | Billing, subscription management, payment processing | Customer name, billing email and address, payment method details, transaction history. Stripe is an independent controller for payment data. | United States |
| Functional Software, Inc. (Sentry) | Application error and performance monitoring | Application stack traces and contextual metadata; user identifiers (email or user ID) attached to errors. Sentry is configured to scrub Customer Data from error events. | United States |
| Intercom, Inc. | In-app customer support messaging, support ticket history | Authorized User identifiers (name, email, account ID) and any content Authorized Users share in support conversations | United States |
| HubSpot, Inc. | Customer relationship management for account, billing, and lifecycle communications | Account-level contact information (name, business email, company name, plan, account lifecycle events). HubSpot is not used to process the contents of mailboxes, messages, or other Customer Data. | United States |
Other AI providers
We may, from time to time, route portions of model inference traffic through additional foundation model providers (for example, providers accessible through Amazon Bedrock or comparable services) to improve quality, latency, or cost. Any such provider will appear on this list before processing Customer Data, will be bound by no-training restrictions, and will be subject to the notice and objection rights described above.
Sub-processors of sub-processors
Our sub-processors may engage their own sub-processors (for example, AWS uses sub-processors for some of its services). We require each sub-processor to apply flow-down terms that are no less protective than the DPA.
Contact
Questions about this list, or about how a specific sub-processor handles Customer Data? Email legal@thisandthat.chat.
Changelog
- June 9, 2026. Initial publication. Includes AWS, AWS Bedrock, Anthropic, Clerk, Stripe, Sentry, Intercom, and HubSpot. Establishes the email-based notification process for future changes.