Subprocessor List
The third-party services Heyou relies on. We don't use subprocessors to create cross-customer datasets.
In this document
Heyou uses a limited set of third-party subprocessors required to provide, operate, secure, support, and bill for the service.
Current Subprocessors ¶
| Subprocessor | Purpose | Typical Data Categories | Status |
|---|---|---|---|
| Google Cloud Platform / Vertex AI | Cloud hosting, infrastructure, storage, logging, monitoring, and approved AI processing through Vertex AI / Gemini | Customer Data, service metadata, logs, prompts and outputs where AI processing is used | Required for core service |
| Descope | Identity, authentication, SSO, user management, and access-control workflows | User account identifiers, authentication metadata, access-control metadata | Required for authentication |
| Customer.io | Customer communications, product notifications, lifecycle emails, and service-related messaging | Business contact information, product-notification metadata | Used for communications |
| Stripe | Billing, subscription management, invoicing, and payment-related workflows | Billing contact information, subscription and invoice metadata, payment-related records | Used for billing |
| Attio | CRM and customer relationship management | Business contact information, account records, sales notes, commercial relationship data | Business operations |
| Fathom | Meeting recording, transcription, call summaries, and meeting intelligence for customer or prospect interactions, where used | Meeting participant information, recordings, transcripts, summaries | Used where meetings are recorded or summarized |
Heyou does not sell Customer Data, does not use subprocessors to create cross-customer datasets, and does not use one customer’s data to benefit another customer. Data shared with each subprocessor is limited to what is necessary for the applicable service purpose.
Subprocessors that process Customer Data or personal data on Heyou’s behalf are governed by contractual data protection obligations, including confidentiality, security, and breach-notification commitments. Heyou provides customers with advance notice of material subprocessor changes in accordance with the DPA.
Some subprocessors may process only limited business contact information or operational metadata, depending on how the customer uses Heyou and how Heyou supports the account.
User-authorized third-party platforms that a user chooses to connect are not subprocessors of Heyou. Those platforms operate the user’s account independently and are governed by the user’s direct relationship with the platform.