We acknowledge that engaging sub-processors in GDPR Data chain might potentially introduce certain risks if not managed properly, which is why Delta Green takes a structured and diligent approach to managing them. Before entering into any relationship with an external vendor, we conduct a thorough assessment of the potential risks and impacts associated with that engagement according to ISO 27001 requirements.
Any sub-processor with access to data managed by Delta Green is required to provide clear documentation of their security policies, processes, and procedures. They must be able to demonstrate that they can ensure an appropriate level of protection for such data – including safeguards against misuse or compromise.
Vendors working with Delta Green must maintain robust information security programs, aligned with industry best practices and relevant legal requirements, to protect confidential and personal data. This includes strong technical and organizational safeguards, secure system configurations, controlled physical and logical access, encryption, regular monitoring and audits, timely incident response, and reliable business continuity measures. Vendors are expected to demonstrate compliance with these standards and ensure any third parties they engage do the same.
| Name | Purpose | Address (HQ) | Security | GDPR Data |
|---|---|---|---|---|
| Amplitude | Tracks user behavior in products | Amplitude Inc.201 3rd Street, Suite 200San Francisco, CA 94103United States | Security and Privacy | Covered by EU-U.S. Data Privacy Framework |
| ClickHouse | Application performance observability tool | ClickHouse, Inc., 3000 El Camino Real, Bldg 4, Suite 200, Palo Alto, CA 94306, USA | Security, Compliance | Covered by EU-U.S. Data Privacy Framework |
| Google Cloud | Hosting infrastructure, data storage, and computing services | Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA | DPA, Compliance Reports | Data stored within EEA; |
| Covered by EU-U.S. Data Privacy Framework | ||||
| Mailgun | E-mail delivery services | Mailgun Technologies, Inc., 112 E Pecan St #1135, San Antonio, TX 78205, USA | Security | Covered by EU-U.S. Data Privacy Framework |
| Mailjet | E-mail delivery services | Mailjet SAS, 13-13 bis, rue de l’Aubrac, 75012 Paris, France | Security, Data Privacy | Data stored within EEA |
| OpenAI | AI-powered support | 1455 3rd Street, San Francisco, CA 94158, United States | DPA | Data stored within EEA |
| Scaleway | Cloud hosting & infrastructure | Scaleway SAS, 8 rue de la Ville-l’Evêque, 75008 Paris, France | Compliance | Data stored within EEA |
| Sentry | Application performance observability tool | Functional Software, Inc. (Sentry), 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA | Security | Covered by EU-U.S. Data Privacy Framework |
| Typeform | Form collection and surveys | Typeform S.L., Carrer de Pallars 108, 08018 Barcelona, Spain | Security | Data stored within EEA |
| Name | Purpose | Address (HQ) | Security | GDPR Data |
|---|---|---|---|---|
| Daktela | Call center platform for customer support management. | Vinohradská 2828/151,130 00 Praha 3 - Žižkov, CZ | Legal, GDPR, DORA | Data stored within EEA |
| Google Workspaces | Email, collaboration, productivity | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland | DPA, Compliance Reports | Data stored within EEA; |
| Covered by EU-U.S. Data Privacy Framework | ||||
| Notion | Knowledge base, project management, documentation | Notion Labs, Inc., 548 Market St, San Francisco, CA 94104, USA | Security | Covered by EU-U.S. Data Privacy Framework |
| Slack | Internal communication tool | Slack Technologies Limited, Salesforce Tower 60, R801, North Dock, Dublin, Ireland | Security | Data stored within EEA |
Last Review: 30. 3. 2026 by Martin Cermak (DPO)