Official Subprocessors List — allmates.ai

Access the official and up-to-date list of all subprocessors engaged by allmates.ai (Dearfox) for the processing of personal data, in compliance with Article 28 of the GDPR.

Last updated 1 day ago

📋 Official Subprocessors List — allmates.ai by Dearfox

Last updated: March 2026 | Standard: Article 28 GDPR | CISO: Julien Guarino

What is a Subprocessor?

A subprocessor is any third-party company that Dearfox (the data processor) engages to process personal data on behalf of its customers (the data controllers), in the context of delivering the allmates.ai platform.

In accordance with Article 28 of the GDPR, Dearfox maintains a complete and up-to-date register of all subprocessors and ensures that each one provides sufficient guarantees regarding the protection of personal data.

📄 Access the Full Subprocessors List

The official and always up-to-date list of all allmates.ai subprocessors is publicly available here:

🔗 allmates.ai Subprocessors Register (Google Sheets)

This document is maintained by the Dearfox security team and updated whenever a subprocessor is added, modified, or removed.

What's in the Document?

The register lists 14 subprocessors across 6 categories. For each subprocessor, the following information is provided:

Subprocessor name and parent company
Category (Infrastructure, AI & Data Enrichment, Security, etc.)
Purpose of the data processing
Types of data processed
Data location — EU/EEA or third country
GDPR transfer mechanism — Standard Contractual Clauses (SCCs), DPA, or EU/EEA hosting

Subprocessors by Category

☁️ Infrastructure & Hosting

Subprocessor	Parent Company	Data Location
Google Cloud	Google LLC	🟢 EU (europe-west1)
Google Workspace	Google LLC	🟢 EU
Supabase (self-hosted)	Open Source	🟢 EU
Lovable	Lovable Inc.	🟢 EU

📧 Email & Communication

Subprocessor	Parent Company	Data Location
SendGrid	Twilio Inc.	🟡 United States — SCCs
Slack	Salesforce Inc.	🟡 United States — SCCs
Notion	Notion Labs Inc.	🟡 United States — SCCs

📊 CRM & Marketing

Subprocessor	Parent Company	Data Location
HubSpot	HubSpot Inc.	🟡 EU / United States — DPA + SCCs

🤖 AI & Data Enrichment

Subprocessor	Parent Company	Data Location
Perplexity AI	Perplexity Inc.	🟡 United States — SCCs
ElevenLabs	ElevenLabs Inc.	🟡 United States — SCCs

🔗 Integration & Automation

Subprocessor	Parent Company	Data Location
Pipedream	Pipedream Inc.	🟡 United States — SCCs

🛡️ Security & Compliance

Subprocessor	Parent Company	Data Location
Drata	Drata Inc.	🟡 United States — SCCs
Wiz	Wiz Inc.	🟡 United States — SCCs

💬 Product & Feedback

Subprocessor	Parent Company	Data Location
Featurebase	Featurebase	🟢 EU

GDPR Compliance Summary

Category	Total	EU / EEA	Outside EU	Transfer Mechanism
Infrastructure & Hosting	4	4	0	EU/EEA — No transfer
Email & Communication	3	0	3	Standard Contractual Clauses (SCCs)
CRM & Marketing	1	0	1	DPA + SCCs
AI & Data Enrichment	2	0	2	Standard Contractual Clauses (SCCs)
Integration & Automation	1	0	1	Standard Contractual Clauses (SCCs)
Security & Compliance	2	0	2	Standard Contractual Clauses (SCCs)
Product & Feedback	1	1	0	EU/EEA — No transfer
TOTAL	14	5	9	All transfers governed by SCCs or DPA

All subprocessors outside the EU are bound by Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914) or equivalent data processing agreements ensuring an adequate level of protection under GDPR Art. 46.

Change Notification Policy

Dearfox will notify partners of any material changes to this subprocessor list (addition, removal, or significant modification) in accordance with the terms of the applicable Data Processing Agreement (DPA).

For any questions regarding our subprocessors, data processing practices, or GDPR compliance posture, please contact: security@dearfox.io