Sub-processors

Last updated: January 16, 2026

BugHarbor uses the following sub-processors to provide our services. We maintain data processing agreements with all sub-processors to ensure your data is protected.

Overview

BugHarbor engages certain third-party service providers ("Sub-processors") to help us provide, maintain, and improve our services. These Sub-processors may process personal data on our behalf. We maintain strict data processing agreements with all Sub-processors to ensure they meet the same high standards for data protection and security.

Notification of Changes: We will notify customers of any new Sub-processors at least 30 days before they begin processing personal data. If you object to a new Sub-processor, you may terminate your subscription within 30 days of the notification.

Current Sub-processors

AI Processing Services

OpenAI, Inc.

  • Purpose: AI-powered analysis of feedback, including summarization, categorization, priority suggestions, and solution recommendations
  • Location: United States
  • Data Processed: Feedback content (title, description), metadata
  • Safeguards: Standard Contractual Clauses (SCCs), Data Processing Agreement
  • Website: openai.com

Payment Processing

Paddle Market Ltd.

  • Purpose: Payment processing, subscription management, invoicing
  • Location: United Kingdom, European Union
  • Data Processed: Payment information, billing details, transaction data
  • Safeguards: PCI DSS compliance, GDPR compliance, Data Processing Agreement
  • Website: paddle.com

Hosting & Infrastructure

Hosting Provider

  • Purpose: Application hosting, database storage, file storage
  • Location: [To be configured based on your hosting provider]
  • Data Processed: All application data, user data, feedback data, attachments
  • Safeguards: Data Processing Agreement, security certifications

Email Services

Email Service Provider

  • Purpose: Sending transactional emails, notifications, marketing communications
  • Location: [To be configured based on your email provider]
  • Data Processed: Email addresses, names, email content
  • Safeguards: Data Processing Agreement, encryption in transit

Analytics & Monitoring

Analytics Provider

  • Purpose: Application performance monitoring, error tracking, usage analytics
  • Location: [To be configured based on your analytics provider]
  • Data Processed: Usage data, error logs, performance metrics (anonymized where possible)
  • Safeguards: Data Processing Agreement, data minimization

Data Processing Safeguards

All Sub-processors are required to:

  • Process personal data only in accordance with our instructions
  • Implement appropriate technical and organizational security measures
  • Comply with applicable data protection laws, including GDPR and CCPA
  • Notify us of any data breaches without undue delay
  • Allow for audits and inspections where required
  • Delete or return personal data upon termination of services

International Data Transfers

Some Sub-processors may process personal data outside the European Economic Area (EEA) or the United Kingdom. In such cases, we ensure that appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other appropriate safeguards as required by applicable law

Objecting to Sub-processors

If you object to the addition of a new Sub-processor, you may notify us within 30 days of our notification. We will work with you to find a mutually acceptable solution. If no solution is found, you may terminate your subscription in accordance with our Terms of Service.

Updates to This List

We will update this list when we add or remove Sub-processors. We recommend checking this page periodically for updates. For enterprise customers, we will notify you directly of any changes.

Contact

If you have questions about our Sub-processors or wish to object to a Sub-processor, please contact us at privacy@bugharbor.space.