Last updated: May 26, 2026
SegMetrics engages a small number of third-party service providers — “subprocessors” — to help us deliver, host, and support our Services. This page is the canonical, living list of those subprocessors. It is referenced by, and forms part of, our Data Processing Agreement.
We list every subprocessor that may process Customer Personal Data, as well as the service providers that process Personal Data about SegMetrics account holders only. The distinction matters: only the first group has any access to data that flows through the SegMetrics Platform on behalf of our Customers.
How we manage subprocessor changes
We update this page whenever we add, remove, or replace a subprocessor. Per Section 11 of our DPA:
- We provide at least 30 days’ advance notice of any addition or replacement of a subprocessor that processes Customer Personal Data.
- Customers may object to a proposed subprocessor on reasonable data-protection grounds within the notice period. To object, email privacy@segmetrics.io and reference the subprocessor and the basis for your objection.
- If we cannot resolve an objection in good faith, the Customer may terminate the affected portion of the Services without penalty.
A. Subprocessors that may process Customer Personal Data
The following subprocessors may process Customer Personal Data (data that Customers upload, import, or transmit through the SegMetrics Platform about their end users).
| Subprocessor | Function | Location | Certifications |
|---|---|---|---|
| DigitalOcean, LLC | Primary application hosting and compute | United States (NYC region) | SOC 2, ISO 27001, GDPR-compliant DPA |
| Amazon Web Services, Inc. | Underlying infrastructure for managed database; object storage (S3) | United States (Oregon, us-west-2) | SOC 2, ISO 27001, ISO 27018, GDPR-compliant DPA |
| SingleStore, Inc. | Managed analytics database | United States (Oregon, us-west-2) | SOC 2 Type II, GDPR-compliant DPA |
| Cloudflare, Inc. | Content delivery network, DDoS protection, web application firewall | United States (global edge network) | SOC 2 Type II, ISO 27001, GDPR-compliant DPA |
| Functional Software, Inc. (Sentry) | Application error and performance monitoring | United States | SOC 2, GDPR-compliant DPA |
| OpenAI, LLC | AI Insights feature (opt-in; activated only when a Customer enables AI Features) | United States | SOC 2 Type II; API data is not used for model training |
| Help Scout, Inc. | Customer support ticketing (incidental processing only — applies when a Customer initiates contact with SegMetrics support) | United States | GDPR-compliant DPA |
B. Service providers that process SegMetrics account holder data only
These service providers process Personal Data about the individuals who hold or administer SegMetrics accounts on behalf of our Customers. They do not process the Customer Personal Data that flows through the Platform.
We list them here for transparency, even though they fall outside the technical definition of “subprocessor” in our DPA.
| Service Provider | Function | Location |
|---|---|---|
| ActiveCampaign, LLC | Marketing automation and product communications to SegMetrics account holders | United States |
| Sinch America, Inc. (Mailgun) | Transactional email delivery (authentication, notifications) to SegMetrics account holders | United States |
| Stripe, Inc. | Payment processing for SegMetrics subscription billing | United States |
Questions
For questions about this page, our use of subprocessors, or to file an objection to a proposed change, contact:
SegMetrics, Inc.
Email: privacy@segmetrics.io