Sub-processors
Last updated: July 15, 2025
To support the delivery of our services, Portant.co may engage third-party service providers ("sub-processors") to process personal data on our behalf. We carefully vet each provider and ensure they are contractually bound to protect personal data in accordance with applicable privacy laws.
1. List of sub-processors
| Sub-processor | Nature and Purpose of Processing | Categories of personal data | Location | Security / DPA |
|---|---|---|---|---|
| Copper CRM, Inc. | Customer relationship management | Contact data, sales activity | US | Copper GDPR Compliance |
| Google LLC (Google Cloud) | Cloud infrastructure services | Application data, storage, compute | Global | Google Cloud DPA |
| Google LLC (Google Workspace) | Email, calendar, document storage, chat | Emails, documents, user metadata | Global | Google Workspace DPA |
| HubSpot, Inc. | Marketing, sales, CRM | Contact data, marketing analytics | US | HubSpot DPA |
| Intercom R&D Unlimited Company | Customer messaging platform | Messages, user behavior data | Global | Intercom DPA |
| Microsoft Corporation | Productivity and cloud services | Emails, documents, user data | Global | Microsoft DPA |
| OpenAI, L.P. | User selected AI language model services | Text inputs | US | OpenAI DPA |
| AC PM LLC (Postmark) | Transactional email delivery | Contact data, email content, metadata | US | Postmark DPA |
| Stripe, Inc. | Payment processing services | Payment data, customer information | Global | Stripe DPA |
| Zapier, Inc. | Workflow automation | Workflow data, user credentials | US | Zapier DPA |
2. Updates and Notifications
We are committed to transparency regarding the third-party service providers we engage. Our list of sub-processors may change as our business evolves. When we add or replace a sub-processor who may process personal data, we will update this page. Where required by applicable data protection laws (such as the GDPR), we will provide our customers with prior notice of any intended changes, typically via email to the account owner or primary contact at least 30 days before the new sub-processor begins processing personal data, except where a shorter notice period is required for urgent operational reasons.
During this notice period, customers may object to the engagement of a new sub-processor by contacting us at dpo@portant.co with a valid, reasonable objection related to data protection risks. We will work in good faith to resolve any objections. If no objection is received within the notice period, the change will be deemed accepted. We encourage all customers to check this page periodically for the latest information.