We acknowledge that engaging sub-processors might potentially introduce certain risks if not managed properly, which is why Delta Green takes a structured and diligent approach to managing them. Before entering into any relationship with an external vendor, we conduct a thorough assessment of the potential risks and impacts associated with that engagement.
Any sub-processor with access to data managed by Delta Green is required to provide clear documentation of their security policies, processes, and procedures. They must be able to demonstrate that they can ensure an appropriate level of protection for such data – including safeguards against misuse or compromise.
Vendors working with Delta Green must maintain robust information security programs, aligned with industry best practices and relevant legal requirements, to protect confidential and personal data. This includes strong technical and organizational safeguards, secure system configurations, controlled physical and logical access, encryption, regular monitoring and audits, timely incident response, and reliable business continuity measures. Vendors are expected to demonstrate compliance with these standards and ensure any third parties they engage do the same.
| Name | Purpose | Address (HQ) | Security | GDPR Data |
|---|---|---|---|---|
| Amplitude | Tracks user behavior in products | Amplitude Inc.201 3rd Street, Suite 200San Francisco, CA 94103United States | Security and Privacy | Covered by EU-U.S. Data Privacy Framework |
| ClickHouse | Application performance observability tool | ClickHouse, Inc., 3000 El Camino Real, Bldg 4, Suite 200, Palo Alto, CA 94306, USA | Security, Compliance | Covered by EU-U.S. Data Privacy Framework |
| Forecast.Solar | FVE Predictions | Knut Kohl Consulting, Dobertschiner Weg 306188 Landsberg, Germany | Website | Data stored within EEA |
| Google Cloud | Hosting infrastructure, data storage, and computing services | Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA | DPA, Compliance Reports | Covered by EU-U.S. Data Privacy Framework |
| Google Looker Studio | Internal dashboards for support | Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA | DPA, Compliance Reports | Covered by EU-U.S. Data Privacy Framework |
| Mailgun | E-mail delivery services | Mailgun Technologies, Inc., 112 E Pecan St #1135, San Antonio, TX 78205, USA | Security | Covered by EU-U.S. Data Privacy Framework |
| Mailjet | E-mail delivery services | Mailjet SAS, 13-13 bis, rue de l’Aubrac, 75012 Paris, France | Security, Data Privacy | Data stored within EEA |
| Montel AS | Energy market data services | Montel AS, Nedre Vollgate 4, 0158 Oslo, Norway | Website | Data stored within EEA |
| ngrok | Secure tunneling / API exposure | ngrok Inc., 548 Market St PMB 45514, San Francisco, CA 94104-5401, USA | Security | Covered by EU-U.S. Data Privacy Framework |
| OpenAI | AI-powered support | 1455 3rd Street, San Francisco, CA 94158, United States | DPA | Data stored within EEA |
| Productboard | Product management platform for product roadmap planning. | 333 Bush Street, 20th Floor, San Francisco, CA 94104, USA | Trust Center, Security Standards, ISO27001 & SOC2 | Covered by EU-U.S. Data Privacy Framework |
| Scaleway | Cloud hosting & infrastructure | Scaleway SAS, 8 rue de la Ville-l’Evêque, 75008 Paris, France | Compliance | Data stored within EEA |
| Sentry | Application performance observability tool | Functional Software, Inc. (Sentry), 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA | Security | Covered by EU-U.S. Data Privacy Framework |
| Tailscale | VPN / Zero trust networking | Tailscale Inc., 370 King Street West, Suite 402, Toronto, Ontario, Canada | Security | Covered by the EC adequacy decision |
| Typeform | Form collection and surveys | Typeform S.L., Carrer de Pallars 108, 08018 Barcelona, Spain | Security | Data stored within EEA |
| Visual Crossing | Weather and geospatial data | Visual Crossing Corporation, 19309 Winmeade Drive, Suite 216, Lansdowne, VA 20176, USA | Privacy Policy | Visual Crossing TIA 2025 |
| wflow | Electronic document signing and workflow management | wflow.com Czech Republic s.r.o., Pobřežní 658/34, 186 00 Praha, Czech Republic | Terms, Privacy Policy, Security | Data stored within EEA |
| Name | Purpose | Address (HQ) | Security | GDPR Data |
|---|---|---|---|---|
| Cleverbridge GmbH | Payment processor | Cleverbridge GmbH, Gereonstrasse 43-65, 50670 Cologne, Germany | Privacy Policy | Data stored within EEA |
| Daktela | Call center platform for customer support management. | Vinohradská 2828/151,130 00 Praha 3 - Žižkov, CZ | Legal, GDPR, DORA | Data stored within EEA |
| Google Workspaces | Email, collaboration, productivity | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland | DPA, Compliance Reports | Data stored within EEA |
| iPodnik cloud s.r.o. | Cloud / hosting services | V Olšinách 2300/75, 100 00 Praha 10, Czech Republic | Privacy Policy | Data stored within EEA |
| Notion | Knowledge base, project management, documentation | Notion Labs, Inc., 548 Market St, San Francisco, CA 94104, USA | Security | Covered by EU-U.S. Data Privacy Framework |
| Pipedrive | CRM | Pipedrive OU, Mustamäe tee 3a, 10615 Tallinn, Estonia | Security | Data stored within EEA |
| Pohoda | Accounting / ERP software | STORMWARE s.r.o., Brněnská 602/63, 586 01 Jihlava, Czech Republic | Website | Data stored within EEA |
| Seyfor a.s. | ERP / Accounting systems | Seyfor, a.s., Drobného 49, 602 00 Brno, Czech Republic | Privacy Policy | Data stored within EEA |
| Shoptet a.s. | E-commerce platform | Dvořeckého 628/8, 169 00 Praha 6, Czech Republic | Security Protocol | Data stored within EEA |
| Slack | Internal communication tool | Slack Technologies Limited, Salesforce Tower 60, R801, North Dock, Dublin, Ireland | Security | Data stored within EEA |
| ZenLeads (Apollo.io) | Sales intelligence | ZenLeads Inc., 440 N Barranca Ave #3706, Covina, CA 91723, USA | Privacy Policy | Covered by EU-U.S. Data Privacy Framework |
Last Review: 6. 2. 2026 by Martin Cermak (DPO)