Sub-processors

Vendors we trust with your data.

A complete list of every third-party service we use to deliver OKRs Tool. All vendors are bound by signed Data Processing Agreements (DPAs) and meet GDPR-aligned data protection standards.

Last updated: 29 June 2026

Overview

We work with a small, vetted group of sub-processors to help deliver OKRs Tool securely, reliably, and in compliance with global data protection laws. Each vendor below has a defined role, a specific category of data they handle, and is contractually bound to confidentiality and data protection standards consistent with our Privacy Policy.

We notify customers of material changes to this list with reasonable advance notice. If you would like to be notified of changes, email dpo@okrstool.com.

Platform transition

OKRs Tool is currently transitioning from V1 (our original platform) to V2 (the next-generation product). Some sub-processors below are tagged (V1) or (V2) to reflect which platform they serve. Both platforms operate in parallel during the migration. Customer data on each platform is processed only by that platform's listed sub-processors.

Current sub-processors

VendorCategoryPurpose & data handled
Supabase
Supabase privacy
Database & auth (V2)Primary database, authentication, and file storage for OKRs Tool V2. Stores authenticated customer data — account info, OKRs, key results, check-ins, and workspace content. Hosted on SOC 2 Type II audited infrastructure; data encrypted at rest. EU region.
Cloudflare
Cloudflare privacy
App hosting & edge (V2)Hosts and serves the OKRs Tool V2 application (Cloudflare Workers), and provides CDN, DDoS mitigation, and web application firewall (WAF) across the V2 app, knowledge base, and supporting sites. Processes request traffic in transit; no customer data stored at rest.
Amazon Web Services
AWS privacy
InfrastructureUnderlying cloud infrastructure on which our database and platform providers operate. Customer data is stored encrypted at rest. Regions: EU (Ireland), US (Virginia), Asia (Singapore).
Lovable
Lovable privacy
Development platform (V2)Development platform used to build and maintain OKRs Tool V2. The development environment has administrative access to the V2 production database for engineering, maintenance, and support tasks, which can include viewing or deleting customer records. Access is limited to authorized engineering use and governed by our internal access controls.
Bubble
Bubble security
Application platform (V1)Application platform powering OKRs Tool V1. Runs on AWS infrastructure with SOC 2 Type II audit. Stores authenticated user data (account info, OKRs, workspace content) for customers on the V1 platform during our migration to V2.
Webflow
Webflow privacy
Marketing siteMarketing website and blog hosting. Used for non-authenticated content only. No customer data is stored on Webflow.
Weglot
Weglot privacy
Product translationProvides machine and human-reviewed translation of product UI strings into supported languages (currently English, German and Spanish). Processes only public-facing UI text and translation memory. No customer OKR content, account data, or personal data is sent to Weglot.
Stripe
Stripe privacy
PaymentsPayment processing and subscription billing. Handles transactions, subscription management, and billing data (name, email, billing address). PCI DSS compliant.
SendGrid (Twilio)
Twilio privacy
Email delivery (V1)Transactional and notification email delivery for OKRs Tool V1 — invites, check-in reminders, password resets, billing notifications. Email addresses only.
Resend
Resend privacy
Email delivery (V2)Transactional and notification email delivery for OKRs Tool V2 — invites, check-in reminders, password resets, billing notifications. Email addresses and message content only.
Anthropic
Anthropic privacy
AI features (V2)Powers AI features in OKRs Tool V2 — OKR insights, alignment diagnostics, drafting and coaching suggestions, and the MCP server. OKR content may be sent to generate these outputs. Data is not used to train models and is not shared across accounts.
OpenAI
OpenAI privacy
AI features (V1)Used to generate OKR examples, drafts, and coaching suggestions on OKRs Tool V1. Only used for users who opt in to AI features. Data is not shared across accounts and is not used to train models.
Slack
Slack privacy
Optional integrationCustomer-enabled integration for OKR check-in notifications and reminders. Only used for teams that connect their Slack workspace. Data shared is limited to notifications configured by the user or admin.
Google (Calendar & Sheets)
Google privacy
Optional integrationCustomer-enabled integrations for Calendar and Sheets. OKRs Tool does not store Google user data — see our Google User Data section for full details.
Google Analytics 4
Google privacy
AnalyticsWebsite and app usage analytics. IP anonymization and region-specific consent controls enabled.
Cookiebot
Cookiebot privacy
Consent managementManages cookie consent banners and tracks opt-in preferences for analytics on the marketing website.
Hotjar
Hotjar privacy
AnalyticsBehavior analytics and user experience tracking on the marketing website. IP anonymization and data minimization enabled.
Datadog
Datadog privacy
MonitoringApplication performance monitoring and error tracking. Captures system telemetry only — no customer OKR content.

Compliance & safeguards

  • All sub-processors are contractually required to adhere to GDPR-aligned data protection practices.
  • Where vendors operate outside the EEA, we implement appropriate safeguards — Standard Contractual Clauses (SCCs) or adequacy decisions where applicable.
  • No sub-processor has independent access to customer data beyond what is required to deliver their service.
  • All sub-processors are subject to ongoing review and may be replaced if they fail to meet our standards.

Need our signed DPA?

If you require a signed Data Processing Agreement (DPA) for your records or your own compliance program, we're happy to share ours. Email dpo@okrstool.com with your request and we'll send it over within 1 business day.

Questions about sub-processors or our data practices?
Email dpo@okrstool.com or info@okrstool.com.