CoSkip engages carefully vetted service providers to deliver, secure, and improve our services.
Subprocessor Registry
| Category | Subprocessor | Purpose / Function | Data Types Processed | Region / Data Location | Safeguards |
|---|---|---|---|---|---|
| Cloud Infra | Amazon Web Services (AWS) | Primary hosting, storage, and compute for backend APIs and services. | Customer metadata; job logs; device telemetry (pseudonymized); limited support data. | USA (additional regions as configured) | SOC 2 / ISO 27001; DPA; SCCs where applicable. |
| Cloud Infra | Google Cloud Platform (GCP) | Secondary infrastructure; AI inference pipelines; data processing jobs. | Pseudonymized usage data; AI inference logs; aggregated analytics outputs. | USA / EU (as configured) | SOC 2 / ISO 27001; DPA; SCCs. |
| Cloud Infra | Microsoft Azure | Edge and AR model deployment; image recognition; on-device sync services. | Image frames (ephemeral); timestamped events; diagnostics. | Global regions (customer/admin selection) | SOC 2 / ISO 27001; DPA; SCCs. |
| SendGrid (Twilio) | Transactional and pilot-program email delivery. | Name; email; message metadata; IP (provider logs). | USA | DPA; SCCs; DMARC/SPF/DKIM enforced. | |
| Analytics | Google Analytics (GA4) | Website/app performance and usage analytics. | Aggregated usage; device/browser info; IP (anonymized when configured). | Global | Consent-based where required; IP anonymization; DPA; SCCs. |
| Analytics | Meta Analytics (Meta Pixel) | Conversion measurement and campaign performance. | Website interaction events (pseudonymized identifiers). | Global | Consent-based where required; limited configuration. |
| Errors | Sentry (or equivalent: Datadog / Rollbar) | Application error tracking & performance diagnostics. | Stack traces; user agent; pseudonymized IDs; limited request metadata. | USA / EU (vendor region options) | DPA; SCCs; data scrubbing rules enabled. |
| Support/CRM | HubSpot (if enabled) | Waitlist & pilot signup CRM; email newsletters. | Name; email; company; role; consent flags. | USA / EU | DPA; SCCs; consent management. |
| Collab | Atlassian (Jira/Confluence) | Internal work tracking and documentation. | Project metadata; support ticket references (no customer content stored). | USA / EU (cloud) | DPA; SCCs; SSO/MFA enforced. |
CoSkip engages subprocessors only for the purposes described above and under written agreements that require confidentiality, appropriate security measures, and processing solely on CoSkip's instructions.
We do not sell personal information or use subprocessors for cross-context behavioural advertising.
Change Log
- 2025-10-16 — Initial public registry published (AWS, GCP, Azure, SendGrid, GA4, Meta Pixel, Sentry; optional HubSpot/Atlassian).
Older changes will appear here as we update this list.
Subscribe to changes:
Notifications & Objections
We will post updates to this page at least 30 days before adding a new subprocessor (unless required sooner for security or availability). Customers may object on reasonable data-protection grounds by contacting [email protected]. We will work in good faith to address concerns (e.g., alternative vendor, configuration, or disabling an affected feature).
Questions
For vendor questions, DPAs, or region commitments, email [email protected] or [email protected].
This page is provided for transparency and may be updated. Ensure your procurement/security teams monitor the feeds above if required by your process.