Sub-processors
Third-party service providers that process Customer Data on behalf of GPU IQ. Listed here for transparency and to support the notification obligations in our Data Processing Agreement. External public data sources that we query without transmitting Customer Data are disclosed at the bottom of this page.
What counts as Customer Data
Authentication identifiers (email, name, OAuth tokens). Tenant configuration and account records. Scored prospect lists, facility capex briefs, deal records. Free-text prompts and meeting notes submitted to AI features. Contact-enrichment lookup queries. Transactional communications (email body, PDF attachments, lead capture).
Infrastructure and hosting
| Service | Vendor | Purpose | Data processed | Location | Certifications | Privacy notice |
|---|---|---|---|---|---|---|
Vercel | Vercel Inc. | Web hosting, Edge Functions, Cron | All HTTP request and response traffic, ephemeral compute | US (primary: IAD / Washington DC), global edge | SOC 2 Type II, ISO 27001 | vercel.com/legal/privacy-policy |
Neon | Neon Inc. | Managed PostgreSQL database | Customer account records, signals, scores, contacts, sessions, audit log, facility capex briefs | US (AWS us-east-2) | SOC 2 Type II | neon.tech/privacy-policy |
Cloudflare | Cloudflare Inc. | Workers and Durable Objects for AI agents, cron | Transient AI agent payloads during request lifetime | Global edge | SOC 2 Type II, ISO 27001, PCI DSS | cloudflare.com/privacypolicy |
Authentication and identity
| Service | Vendor | Purpose | Data processed | Location | Certifications | Privacy notice |
|---|---|---|---|---|---|---|
Firebase Authentication | Google LLC | Google OAuth 2.0 and passwordless magic-link authentication | Email address, Google identity tokens, session metadata, device fingerprint | Google Cloud (global) | SOC 2 Type II, ISO 27001, ISO 27017, ISO 27018 | firebase.google.com/support/privacy |
AI and language models
| Service | Vendor | Purpose | Data processed | Location | Certifications | Privacy notice |
|---|---|---|---|---|---|---|
Claude API | Anthropic PBC | Language-model inference across 15+ AI endpoints (account scoring, deal builder, meeting intelligence, AI teammates, brief generation) | Customer-authored prompts which may include account data, prospect information, meeting transcripts, and configured agent context | US (AWS) | SOC 2 Type II. No training on API data per commercial terms. | anthropic.com/legal/privacy |
Contact and firmographic enrichment
| Service | Vendor | Purpose | Data processed | Location | Certifications | Privacy notice |
|---|---|---|---|---|---|---|
Hunter.io | Emailhunter SAS | Buying-committee email lookup and verification | Company domain plus role queries. Returns verified email addresses associated with the domain. | France / EU | GDPR compliance published. ISO 27001 in pursuit. | hunter.io/privacy |
PeopleDataLabs | PeopleDataLabs Inc. | Company enrichment (employee count, revenue, tech stack, NAICS, parent company) | Company domain queries. Returns firmographic record. | US | SOC 2 Type II | peopledatalabs.com/privacy-policy |
Market and hiring signals
| Service | Vendor | Purpose | Data processed | Location | Certifications | Privacy notice |
|---|---|---|---|---|---|---|
Adzuna | Adzuna Ltd. | Job-posting search (hiring-intent signal) | Company name and domain queries | UK / US | UK GDPR compliance | adzuna.com/privacy-policy |
NewsAPI | NewsAPI.org | News article search | Company name and domain queries | UK / US | — | newsapi.org/privacy |
Communications and messaging
| Service | Vendor | Purpose | Data processed | Location | Certifications | Privacy notice |
|---|---|---|---|---|---|---|
Resend | Resend, Inc. | Transactional email (partner business case PDFs, account notifications, welcome and magic-link emails) | Recipient email, name, PDF attachment content | US | SOC 2 Type II | resend.com/legal/privacy-policy |
Slack (webhook) | Slack Technologies | Internal alerts on new partner leads | New-lead summary (name, company, email, estimated size) posted to an internal Slack channel | US | SOC 2 Type II, ISO 27001 | slack.com/trust/privacy/privacy-policy |
Analytics and monitoring
Currently none deployed. Vercel Analytics is enabled on public pages in cookie-less mode (no personal data associated with the visit). This section is reserved for future additions which will be disclosed here before activation.
Not sub-processors (disclosed for transparency)
The Service queries the following public APIs for market-intelligence signals. Query parameters are generally industry codes, geography, or public company identifiers. No Customer Data is transmitted except an API key that identifies GPU IQ.
- GitHub API (GitHub Inc.)
- SEC EDGAR / EFTS (U.S. Securities and Exchange Commission)
- RIPE Stat BGP (RIPE NCC)
- NSF Awards API, NIH RePORTER, OpenAlex
- USPTO PatentsView, FCC Broadband Map, U.S. Census CBP, BLS, NTIA
- Hugging Face Hub, Semantic Scholar
- Reddit (OAuth 2.0), Google Trends, Apple iTunes Search (consumersignals.gpuiq.ai only)
- Azure Retail Prices API, RunPod, Vast.ai, Vultr, TensorDock, Lambda Labs, Akamai / Linode, FluidStack, Hetzner (GPU cloud pricing aggregation)
The following integrations send data to systems operated by the customer, not by GPU IQ sub-processors. The customer's own contract with the vendor governs data processing at that endpoint: Salesforce (customer's own org, via OAuth 2.0 Client Credentials flow).
Change notifications
Material additions, removals, or changes to the sub-processor list are announced at least 30 days before the change takes effect, by email to the primary Customer contact of record, and by update to this page. Customers may object to a new sub-processor in writing within the notice period.
Contact
Questions about this list, or data-subject requests: privacy@gpuiq.ai