Sub-processors
HumanDeploy engages trusted sub-processors to deliver the Service. Each is bound by written data protection agreements with obligations no less protective than our DPA.
Current Sub-processors
| Sub-processor | Purpose | Location | Certifications / Safeguards |
|---|---|---|---|
| Anthropic, PBC | Primary LLM inference (Claude) for draft generation, reasoning, and analysis | United States | Zero-retention enterprise API; contractually prohibited from training on Customer Data; SOC 2 Type II |
| OpenAI, L.L.C. | Secondary LLM inference for draft generation | United States | Zero-retention enterprise API; contractually prohibited from training on Customer Data; SOC 2 Type II; DPF-certified |
| Supabase, Inc. | Managed Postgres database, authentication, storage, and edge functions (primary backend) | United States | SOC 2 Type II; GDPR-compliant DPA; encryption at rest and in transit |
| Vercel Inc. | Web application and marketing site hosting, CDN, edge network | United States / Global | SOC 2 Type II; GDPR-compliant DPA; DPF-certified |
| Slack Technologies, LLC | Messaging platform and primary delivery interface (HumanDeploy operates as Slack app) | United States | SOC 2 Type II; ISO 27001; DPF-certified |
| Stripe, Inc. | Payment processing, subscription billing, and customer billing portal | United States | PCI DSS Level 1; SOC 2 Type II; DPF-certified |
| Google LLC (Google Workspace) | Internal email, calendar, and document collaboration used by HumanDeploy personnel | United States / EU | ISO 27001; SOC 2 Type II; DPF-certified |
| HumanDeploy Specialists | Senior human review, refinement, and quality assurance of Deliverables | Varies (primarily United States; may include international contractors) | Written confidentiality and data protection obligations; Competitive Conflict Protocol; access limited to assigned work |
Notes
- "DPF-certified" means the entity is certified under the EU-U.S. Data Privacy Framework. Verify current status at dataprivacyframework.gov.
- LLM Sub-processors (OpenAI, Anthropic) use zero-retention or short-retention enterprise API endpoints and are contractually prohibited from using Customer Data to train foundational models.
- Specialists are independent contractors bound by confidentiality, data protection, and HumanDeploy's Competitive Conflict Protocol. Specialists access only the Customer Data necessary for their assigned work.
- HumanDeploy relies on Standard Contractual Clauses (Module Three, Processor-to-Processor) and, where applicable, the EU-U.S. Data Privacy Framework for international transfers to Sub-processors outside the EEA, UK, or Switzerland.
Notifications and Objections
HumanDeploy will provide at least 30 days' notice of any new Sub-processor or replacement. You may object on reasonable data protection grounds within 30 days of notice. If the objection cannot be resolved, you may terminate that portion of the Service and receive a refund of unused prepaid fees.
Contact
For questions about this Sub-processor list, to object to a new Sub-processor, or to subscribe to change notifications:
Email: privacy@humandeploy.ai
Legal: legal@humandeploy.ai