A complete list of every third-party service we use to deliver OKRs Tool. All vendors are bound by signed Data Processing Agreements (DPAs) and meet GDPR-aligned data protection standards.
We work with a small, vetted group of sub-processors to help deliver OKRs Tool securely, reliably, and in compliance with global data protection laws. Each vendor below has a defined role, a specific category of data they handle, and is contractually bound to confidentiality and data protection standards consistent with our Privacy Policy.
We notify customers of material changes to this list with reasonable advance notice. If you would like to be notified of changes, email dpo@okrstool.com.
OKRs Tool is currently transitioning from V1 (our original platform) to V2 (the next-generation product). Some sub-processors below are tagged (V1) or (V2) to reflect which platform they serve. Both platforms operate in parallel during the migration. Customer data on each platform is processed only by that platform's listed sub-processors.
| Vendor | Category | Purpose & data handled |
|---|---|---|
| Amazon Web Services AWS privacy | Infrastructure | Cloud hosting, database storage, application infrastructure. Regions: EU (Ireland), US (Virginia), Asia (Singapore). All customer data is stored encrypted at rest on AWS. |
| Bubble Bubble security | Application platform (V1) | Application platform powering OKRs Tool V1. Runs on AWS infrastructure with SOC 2 Type II audit. Stores authenticated user data (account info, OKRs, workspace content) for customers on the V1 platform during our migration to V2. |
| Lovable Lovable privacy | Application platform (V2) | Application platform powering OKRs Tool V2 (the next-generation product). Runs on SOC 2-compliant infrastructure. Stores authenticated user data for customers on the V2 platform. |
| Webflow Webflow privacy | Marketing site | Marketing website and blog hosting. Used for non-authenticated content only. No customer data is stored on Webflow. |
| Stripe Stripe privacy | Payments | Payment processing and subscription billing. Handles transactions, subscription management, and billing data (name, email, billing address). PCI DSS compliant. |
| SendGrid (Twilio) Twilio privacy | Email delivery (V1) | Transactional and notification email delivery for OKRs Tool V1 — invites, check-in reminders, password resets, billing notifications. Email addresses only. |
| Resend Resend privacy | Email delivery (V2) | Transactional and notification email delivery for OKRs Tool V2 — invites, check-in reminders, password resets, billing notifications. Email addresses and message content only. |
| Slack Slack privacy | Optional integration | Customer-enabled integration for OKR check-in notifications and reminders. Only used for teams that connect their Slack workspace. Data shared is limited to notifications configured by the user or admin. |
| Google (Calendar & Sheets) Google privacy | Optional integration | Customer-enabled integrations for Calendar and Sheets. OKRs Tool does not store Google user data — see our Google User Data section for full details. |
| Google Analytics 4 Google privacy | Analytics | Website and app usage analytics. IP anonymization and region-specific consent controls enabled. |
| Cookiebot Cookiebot privacy | Consent management | Manages cookie consent banners and tracks opt-in preferences for analytics on the marketing website. |
| Hotjar Hotjar privacy | Analytics | Behavior analytics and user experience tracking on the marketing website. IP anonymization and data minimization enabled. |
| OpenAI OpenAI privacy | AI features | Used to generate OKR examples, drafts, and coaching suggestions. Only used for users who opt in to AI features. Data is not shared across accounts and is not used to train public models. |
| Datadog Datadog privacy | Monitoring | Application performance monitoring and error tracking. Captures system telemetry only — no customer OKR content. |
If you require a signed Data Processing Agreement (DPA) for your records or your own compliance program, we're happy to share ours. Email dpo@okrstool.com with your request and we'll send it over within 1 business day.
Questions about sub-processors or our data practices?
Email dpo@okrstool.com or info@okrstool.com.