A subprocessor is a third-party service that Booflow uses to provide its software. We share only the minimum data necessary with each subprocessor, and each is contractually bound to handle that data with the same protections as Booflow itself.
We notify customers via email at least 30 days in advance before adding a new subprocessor that processes customer data, so they can object if needed.
| Subprocessor | Purpose | Location | Data |
|---|---|---|---|
| Amazon Web Services, Inc. (AWS) | S3 file storage (user-uploaded attachments) | USA (us-east-1) | User-uploaded files (logos, task attachments) and their metadata |
| Vercel, Inc. | Application hosting + CDN | USA (global edge) | All application traffic (encrypted in transit) |
| Supabase, Inc. | PostgreSQL database hosting | USA (selectable: us-east, eu-west) | All workspace, user, flow, task, and file metadata |
| Stripe, Inc. | Payment processing + billing | USA, EU, Mexico | Org name, billing email, payment method (handled by Stripe, never stored by Booflow) |
| Twilio SendGrid, Inc. | Transactional email delivery | USA | Recipient email, subject, message body, delivery metadata |
| Pusher Ltd. | Real-time WebSocket notifications | UK / USA | Workspace ID, ephemeral notification payloads |
| Functional Software, Inc. (Sentry) | Error tracking & performance monitoring | USA | Stack traces, request URLs, anonymized user ID |
| Upstash, Inc. | Rate-limiting (Redis) | USA / EU | IP addresses, request counters (no message content) |
| Google LLC | OAuth login + Drive/Calendar/Docs/Meet integrations (when user opts in) | USA (global) | Email, name, profile picture, Drive/Calendar/Docs data the user explicitly authorizes |
| Microsoft Corporation | OneDrive + Teams integrations (when user opts in) | USA (global) | Files and Teams messages the user explicitly authorizes |
| DocuSign, Inc. | E-signature (when org connects) | USA | Envelope IDs, signer email/name (we don't store the signed PDF) |
| Dropbox, Inc. | File storage (when org connects) | USA | Files the user explicitly uploads through Booflow |
| Slack Technologies, LLC | Notifications (when org connects) | USA | Workspace ID, channel/user IDs, message text |
| Zoom Video Communications, Inc. | Meeting creation (when org connects) | USA | Meeting metadata only (no recordings) |
| Calendly, LLC | Scheduling (when org connects) | USA | Event types, scheduling links |
Some of our subprocessors are located in the United States. Where customer data crosses borders (for example, an EU student's data being processed by a US-based subprocessor), Booflow relies on:
We commit to giving customers at least 30 days notice before adding a new subprocessor that handles personal data, via email to the workspace OWNER. Customers may object during that window; if we can't accommodate the objection, the customer may terminate their subscription with a pro-rated refund.
Email privacy@booflow.com with any subprocessor-related question.