Subprocessors
Last updated: December 8, 2025
Obsyk uses the following third-party service providers ("subprocessors") to help us provide and improve our services. Each subprocessor has been vetted for security and compliance.
For customers with a Data Processing Agreement (DPA), these subprocessors are authorized to process personal data on our behalf.
| Subprocessor | Purpose | Location | Data Processed |
|---|---|---|---|
| Cloudflare, Inc. | CDN, DNS, DDoS protection, tunnel | Global (US-based) | Network traffic, IP addresses |
| WorkOS, Inc. | Authentication, SSO, directory sync | United States | User identity, authentication data |
| GitHub, Inc. | Source code hosting, CI/CD | United States | Source code, build artifacts |
| Google LLC | Workspace (email, docs), analytics | United States | Email communications, usage analytics |
| Stripe, Inc. | Payment processing | United States | Payment information, billing data |
| Hetzner Online GmbH | Infrastructure hosting | Germany | Application data, Kubernetes metadata |
Updates to Subprocessors
We may update this list when we engage new subprocessors or change existing ones. In accordance with GDPR requirements, we will:
- Notify customers with a DPA at least 30 days before adding a new subprocessor
- Allow customers to object to new subprocessors within 14 days of notification
- Update this page promptly when changes occur
Subscribe to Updates
To receive notifications when we update our subprocessor list, please email [email protected] with the subject line "Subscribe to Subprocessor Updates".
Due Diligence
Before engaging any subprocessor, we conduct due diligence to ensure they:
- Maintain appropriate security measures
- Comply with applicable data protection laws
- Process data only as instructed
- Sign data processing agreements with us
Questions
If you have questions about our subprocessors or data processing practices, please contact us at [email protected].