Security Portal
Legal & Trust
This page lists all third-party sub-processors that 90 Seconds engages to process personal data on behalf of our customers. In accordance with GDPR Article 28, we maintain this list and notify customers of any changes.
90 Seconds uses the following sub-processors to host customer data or provide core infrastructure services.
Scroll horizontally on smaller screens to view all columns.
| Sub-Processor | Purpose | Location | Data Processed | Certifications |
|---|---|---|---|---|
| Google Cloud Platform | Primary cloud infrastructure, data storage, compute | US, Taiwan, Finland | All customer data | SOC 2, ISO 27001/27017/27018, ISO 27701, PCI DSS, FedRAMP |
| Cloudflare | CDN, DDoS protection, WAF, DNS | Global (330+ PoPs) | Traffic metadata, encrypted requests | SOC 2, ISO 27001/27701/27017/27018, PCI DSS, FedRAMP |
These providers support monitoring, logging, observability, analytics, and product improvement.
Scroll horizontally on smaller screens to view all columns.
| Sub-Processor | Purpose | Location | Data Processed | Certifications |
|---|---|---|---|---|
| DataDog | Application monitoring, logging, observability | US (Virginia) | Logs, metrics, IP addresses, user IDs | SOC 2, ISO 27001/27017/27018/27701, FedRAMP |
| Segment | Customer data platform, event routing | US (Oregon) | User events, analytics data | SOC 2, ISO 27001/27018 |
| FullStory | Session replay, user analytics | US (Virginia) | Pseudonymized user behavior data | SOC 2, ISO 27001/27701 |
These providers support transactional messaging, in-app communications, and real-time product interactions.
Scroll horizontally on smaller screens to view all columns.
| Sub-Processor | Purpose | Location | Data Processed | Certifications |
|---|---|---|---|---|
| SendGrid | Transactional & marketing email delivery | US (Virginia) | Email addresses, message content | SOC 2, ISO 27001 |
| Sendbird | In-app messaging, chat features | EU (Germany) | Message content, user metadata | SOC 2, ISO 27001 |
| Pusher | Real-time WebSocket messaging | EU (Netherlands) | Transient event data | SOC 2 |
These providers support customer relationship management and consent management.
Scroll horizontally on smaller screens to view all columns.
| Sub-Processor | Purpose | Location | Data Processed | Certifications |
|---|---|---|---|---|
| HubSpot | CRM, marketing automation | US (Virginia) | Contact data, communication history | SOC 2, ISO 27001 |
| CookieYes | Cookie consent management | UK (London) | Visitor consent preferences | GDPR, IAB TCF 2.2 |
These providers support payments, accounting, and financial operations.
Scroll horizontally on smaller screens to view all columns.
| Sub-Processor | Purpose | Location | Data Processed | Certifications |
|---|---|---|---|---|
| Stripe | Payment processing | US (Oregon) | Payment card data, billing info | PCI DSS Level 1, SOC 1/2/3, ISO 27001/27701 |
| Xero | Accounting, invoicing | Australia, US | Internal financial data | SOC 2, ISO 27001 |
We will update this page whenever we add a new sub-processor, remove an existing sub-processor, or change the scope of processing for an existing sub-processor.
We provide 30 days' notice before engaging a new sub-processor for processing personal data. If you object to a new sub-processor, please contact us within this period.
Subscribe to UpdatesWe have executed Data Processing Agreements with all sub-processors listed above, ensuring they: