Sub-processors
Last updated: April 17, 2026
Who touches your data: the third-party services we use to deliver Jamdesk. This page is the authoritative list and is updated as infrastructure changes.
Change Notifications
We provide customers with at least 30 days' advance notice before adding or replacing a sub-processor that processes customer personal data. To subscribe to changes, email us with the subject "Subprocessor Updates".
Customer Data Sub-processors
These services process Jamdesk customer account data, documentation content, or application data.
| Service | Purpose | Location | Data Categories |
|---|---|---|---|
| Google Cloud Platform | Infrastructure, compute, object storage, secret management | United States | Account data, documentation content, logs |
| Firebase (Google) | Authentication, Firestore database, hosting | United States | Account email, auth tokens, application data |
| Cloudflare | CDN, DDoS protection, R2 object storage, Workers | Global (edge) | IP addresses, request metadata, documentation assets (R2) |
| Vercel | Dashboard, marketing site, and ISR docs hosting | United States | IP addresses, request metadata |
| Stripe | Subscription billing and payment processing | United States | Billing name, address, payment method metadata |
| Resend | Transactional and marketing email delivery | United States | Email address, email content |
| Upstash | Rate limiting (Redis), vector search and AI chat context retrieval (Vector) | United States | Hashed IPs, rate-limit counters, documentation embeddings, chat query vectors |
| Anthropic | AI inference for documentation chat and AI features (Claude) | United States | User chat messages, documentation context passed to the model |
Marketing & Operational Processors
These services support the Jamdesk marketing site and internal operations. They do not process customer documentation, account, or billing data.
| Service | Purpose | Location | Data Categories |
|---|---|---|---|
| DigitalOcean | Jamdesk blog (Ghost CMS) hosting — marketing only | United States | Blog subscriber emails, blog comments (if enabled) |
| Crisp | Live chat widget on the marketing site — not used in product | France (EU) | Volunteered chat messages, visitor IP |
| Google Analytics & Google Ads | Marketing site analytics and ad measurement — consent-gated in EU/UK | United States | Cookie identifiers, truncated IP (only after consent) |
International Transfers
Most sub-processors are located in the United States. For transfers of EU/EEA/UK personal data to the US, we rely on the 2021 EU Standard Contractual Clauses (Module 2: Controller-to-Processor) and, where applicable, the UK International Data Transfer Addendum. These are incorporated by reference into our Data Processing Addendum.
Questions
For sub-processor questions, audit requests, or to request our DPA, contact privacy@jamdesk.com.