Subprocessors
This page lists the third-party subprocessors that Disruptive Rain uses to process customer data. We maintain this list to provide transparency about our data handling practices.
Last updated: January 2026
What is a Subprocessor?
A subprocessor is a third-party service provider that processes personal data on our behalf to help us provide our services. All subprocessors are bound by data processing agreements that require them to handle data in accordance with our security and privacy standards.
All listed subprocessors have been vetted for security practices and maintain appropriate certifications (SOC 2, ISO 27001, or equivalent).
Current Subprocessors
| Subprocessor | Purpose | Location | Data Processed |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure and hosting | United States, European Union | All customer data for primary hosting |
| Google Cloud Platform | Backup infrastructure and AI services | United States, European Union | Customer data for redundancy and AI processing |
| MongoDB Atlas | Database hosting | United States, European Union | Structured application data |
| Stripe | Payment processing | United States | Payment information, billing details |
| Metronome | Usage metering and billing | United States | Usage metrics, account information |
| SendGrid (Twilio) | Transactional email delivery | United States | Email addresses, email content |
| Datadog | Application monitoring and logging | United States, European Union | System logs, performance metrics |
| Sentry | Error tracking and debugging | United States | Error logs, diagnostic data |
| Cloudflare | CDN and DDoS protection | Global (edge locations) | Network traffic, cached content |
| Intercom | Customer support and messaging | United States | Support conversations, user information |
| Okta | Identity management (internal) | United States | Employee authentication data |
Change Notifications
We may update this list of subprocessors from time to time. When we add a new subprocessor that processes personal data, we will:
- 1.Update this page with the new subprocessor information
- 2.Notify enterprise customers via email at least 30 days before the change takes effect
- 3.Provide a mechanism for customers to object if the change affects their compliance requirements
Customers with enterprise agreements may have specific subprocessor notification terms that supersede this general policy. Please refer to your Data Processing Agreement for details.
EU Data Transfers
For customers in the European Union, we ensure that any transfer of personal data to subprocessors located outside the EU/EEA is protected by appropriate safeguards:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Binding Corporate Rules where applicable
- Adequacy decisions where the destination country has been deemed adequate
We also conduct Transfer Impact Assessments for any transfers to countries without adequacy decisions to ensure appropriate supplementary measures are in place.
Questions about our subprocessors or data processing practices?