Last updated: 10 May 2026
Overview
Qone uses the third parties listed below to deliver the platform. They process personal data on our behalf in the role of sub-processor as defined by GDPR Article 28. We require each sub-processor to provide a Data Processing Agreement (DPA) and apply technical and organisational measures equivalent to our own.
Current sub-processors
| Sub-processor | Purpose | Region | Data accessed | DPA |
|---|---|---|---|---|
| OpenAI | AI chat assistant + embeddings for in-product knowledge base | United States | Chat messages and tool-call payloads when AI features are enabled by the workspace. | Link |
| Cloudflare R2 | Object storage for uploads (images, PDFs, attachments) | Global (jurisdiction selectable per bucket) | User-uploaded files and exported PDFs. | Link |
| Resend | Transactional email delivery (notifications, password resets) | United States | Recipient email addresses and email body content. | Link |
| Paddle | Subscription billing, payments, and invoicing for the Qone platform | United Kingdom + global payment networks | Billing-related data: account email, plan, transaction amounts. Payment card data is tokenized by Paddle. | Link |
| PostHog | Product analytics and feature flags | EU (data residency configured to EU pod) | Pseudonymous usage events, page views, and feature interactions. PII fields are masked at the SDK. | Link |
| Sentry | Application error tracking and performance monitoring | US or EU — depends on SENTRY_DSN pod (verify before launch; EU pod preferred) | Stack traces, request metadata, and breadcrumbs. Cookies, auth headers, and password/token fields are stripped before send. | Link |
| Slack Technologies | Slack workspace integration for notifications, slash commands, and ticket creation | United States | Only enabled when a workspace admin connects Slack. Notification text and minimal user identity (email-to-Slack-user mapping) are sent. | Link |
| Database hosting (managed Postgres) | Primary application database | Production region — see DPA on request | All tenant data persisted by the platform. Encryption-in-transit (TLS) is enforced; encryption-at-rest depends on the host configuration. | On request |
Notification of changes
We will provide written notice (email to the workspace owner) at least 30 days before adding, removing, or replacing a sub-processor that processes customer personal data. Customers may object on reasonable grounds; if we cannot find a commercially reasonable alternative, the customer may terminate the affected service for the remaining unused term.
Contact
For questions about sub-processors or to request copies of the DPAs we hold, email [email protected].