Subprocessors
Last updated: June 30, 2026
We use the subprocessors below to provide, secure, support, and operate Support Desk. Some subprocessors are used for all customers; others apply only when a customer enables a specific integration or feature.
| Subprocessor | Purpose | Location |
|---|---|---|
| Railway | Application hosting, worker hosting, managed Postgres, Redis, logs, and deployment infrastructure. | United States / global |
| Google Firebase | User authentication, session identity, and related security services. | United States / global |
| Stripe | Checkout, subscriptions, trials, invoices, Customer Portal, payment processing, taxes, and fraud prevention. | United States / global |
| Postmark | Inbound email processing, outbound transactional email, domain verification, bounces, and delivery events. | United States |
| Cloudflare R2 | Private attachment object storage and signed attachment delivery. | United States / global |
| OpenRouter and AI model providers | AI draft generation, classification, summarization, and support-instruction suggestions when AI features are used. | United States / global |
| Shopify | Shopify store OAuth, order context, product context, customer context, fulfillment context, and customer-approved Shopify actions. | Canada / United States / global |
| Ship24 | Shipment tracking lookups and courier status refreshes when tracking features are used. | United States / global |
| Freshdesk | Historical ticket import when a customer connects or provides Freshdesk import credentials. | United States / global |
| GoDaddy and DNS providers | DNS hosting and domain records for application domains, inbound email domains, and customer sender verification records. | United States / global |
Customer-enabled integrations
Shopify, Ship24, Freshdesk, AI model providers, Postmark domain verification, and similar services may process Customer Data only when a customer enables, connects, configures, or uses the relevant feature. Customers are responsible for their own contracts, notices, consents, account permissions, and compliance obligations for connected services.
Changes
We may update this list as the Service changes. If required by applicable law, we will provide notice of material subprocessor changes and an opportunity to object as described in the Data Processing Addendum.