We respect your privacy.

We use strictly necessary cookies to keep you signed in and to protect against CSRF. With your permission we also use a small amount of first-party analytics to improve the product. We do not sell your data and we do not use third-party advertising trackers. See our cookie policy and privacy policy .

← Trust Center

Sub-processors

The third parties Crawlmind uses to process customer data. Each entry lists the vendor's role, the region of processing, and a link to their data-processing agreement. Material changes are announced in-app and via the customer mailing list at least 30 days before they take effect.

# Sub-processors

Crawlmind uses the following third-party sub-processors to deliver
the service. This list is auto-rendered to
[/trust/sub-processors](https://crawlmind.ai/trust/sub-processors)
and updated whenever a vendor is added or removed (commit history
is the source of truth).

| Vendor       | Purpose                                       | Region                | DPA                                                                                             |
| ------------ | --------------------------------------------- | --------------------- | ----------------------------------------------------------------------------------------------- |
| DigitalOcean | Compute (droplet) + object storage (Spaces)   | EU (FRA1) / US (NYC3) | [DPA](https://www.digitalocean.com/legal/data-processing-agreement)                             |
| Stripe       | Subscription billing, invoicing               | Global, EU-routed     | [DPA](https://stripe.com/legal/dpa)                                                             |
| Anthropic    | AI completion provider (when org default)     | US                    | [DPA](https://www.anthropic.com/legal/dpa)                                                      |
| OpenAI       | AI completion provider (when org default)     | US                    | [DPA](https://openai.com/policies/data-processing-addendum)                                     |
| Perplexity   | AI citation tracking probes (when configured) | US                    | [DPA](https://www.perplexity.ai/hub/legal/data-processing-addendum)                             |
| Resend       | Transactional email delivery                  | EU (FRA)              | [DPA](https://resend.com/legal/dpa)                                                             |
| Cloudflare   | Edge routing, DNS, WAF                        | Global                | [DPA](https://www.cloudflare.com/cloudflare-customer-dpa/)                                      |
| Sentry       | Error monitoring (PII-scrubbed)               | EU (de)               | [DPA](https://sentry.io/legal/dpa/)                                                             |
| BetterStack  | Uptime monitoring + status page               | EU (de)               | [DPA](https://betterstack.com/legal/dpa)                                                        |
| GitHub       | Code-fix PRs (when org installs the app)      | US                    | [DPA](https://docs.github.com/en/site-policy/privacy-policies/github-data-protection-agreement) |

## Notification policy

Customers on the **Pro** plan and above receive 30 days' notice via
email before a new sub-processor is added that has access to customer
data. Customers can object within that window; if we can't resolve
the concern, they may terminate without penalty.

## Removal of a sub-processor

When a sub-processor is removed (e.g. we move off a vendor), this
file is updated in the same PR that removes the integration code.
The commit message MUST start with `chore(subprocessors):` so the
auditor's grep finds it.