Last updated: 17.07 2025
We work with a small, trusted group of sub-processors to help deliver OKRs Tool securely, reliably, and in compliance with global data protection laws. All vendors are subject to GDPR-level privacy standards and governed by signed Data Processing Agreements (DPAs).
Infrastructure & Hosting
Amazon Web Services (AWS) – Cloud hosting, database storage, and application infrastructure
→ Regions: EU (Ireland), US (Virginia), Asia (Singapore)
Application Platform
Bubble.io – Application logic and database hosting for the OKRs Tool web app
→ Runs on AWS infrastructure and complies with industry security standards
→ Bubble security overview
Website CMS
Webflow – Marketing website and blog hosting
→ Used for non-authenticated content only (i.e. no customer data stored)
Email Delivery
SendGrid (Twilio) – Transactional and notification email delivery
→ Used for invites, check-ins, password resets, etc.
Analytics & Tracking
Google Analytics 4 (GA4) – Website and app usage analytics
→ IP anonymization and region-specific consent controls enabled
Cookiebot – Manages cookie consent and tracks opt-in preferences for analytics
AI-Powered Features
OpenAI – Used to generate OKR examples, drafts, and coaching suggestions
→ Only used for users who opt in to AI features
→ Data is not shared across accounts or used to train public models
Compliance & Privacy Notes
- All sub-processors are contractually required to adhere to GDPR-compliant data protection practices
- Where vendors operate outside the EEA, we implement appropriate safeguards (e.g. SCCs or adequacy decisions)
- No sub-processor has independent access to customer data beyond what is required to deliver their service
Need Our Signed Data Processing Agreement (DPA)?
Email us at info@okrstool.com to request our standard DPA or ask questions about our data practices.