SuperSend Sub-Processer Register
Version: v2025-10
Last Updated: October 20, 2025
SuperSend uses a limited number of trusted third-party service providers (“Sub-processors”) to support the delivery of its platform and related services. Each Sub-processor has entered into a Data Processing Agreement (DPA) with SuperSend that includes Standard Contractual Clauses (SCCs) and GDPR-compliant safeguards.
Current Sub-processors
| Vendor | Purpose of Processing | Region / Location | Data Processed | Certifications / Safeguards |
|---|---|---|---|---|
| Google Cloud Platform (GCP) | Cloud hosting, database, Kubernetes infrastructure | United States (us-east1) | Customer data, logs, backups | ISO 27001, SOC 2, GDPR-compliant DPA |
| Amazon Web Services (AWS S3) | Object storage for files, exports, attachments | United States (us-east-1) | Attachments, export files, temporary assets | ISO 27001, SOC 2, GDPR-compliant DPA |
| Cloudflare | CDN, DNS, DDoS protection, edge caching | Global (EU/US data centers) | HTTP requests, transient metadata | ISO 27001, SOC 2, GDPR-compliant DPA |
| Mission Inbox | Email delivery infrastructure for outbound campaigns | Global | Email metadata, sender and recipient addresses | GDPR-compliant DPA |
| DigitalOcean | Supplementary compute and proxy infrastructure | United States / Europe | Transient network data, proxy routing | ISO 27001, SOC 2, GDPR-compliant DPA |
| SendGrid (Twilio) | Transactional email (notifications, password resets) | United States | Email addresses, notification content | ISO 27001, SOC 2, GDPR-compliant DPA |
| Stripe | Payment processing and subscription billing | United States / EEA | Billing information, payment details | PCI DSS Level 1, GDPR-compliant DPA |
| OpenAI | Optional AI-powered content generation feature | United States | Campaign text and template metadata (user-initiated) | GDPR-compliant DPA, Standard Contractual Clauses |
Sub-processor Updates
SuperSend reviews its Sub-processors annually and updates this register whenever a new vendor is engaged or an existing vendor is replaced. Customers will be notified of any changes at least 30 days prior to engagement of a new Sub-processor.
For additional information, please contact our Data Protection Officer at dpo@supersend.io.
Ready to Build Your Outbound Engine?
