

Subprocessors
To deliver Customerly we rely on a small number of carefully selected third-party providers. This page lists every subprocessor that may process personal data on your behalf, what it does, and where it processes data.
Last updated on July 7, 2026
Current subprocessors
Each subprocessor is bound by a data processing agreement, and access to personal data is limited to what is strictly necessary to deliver the subcontracted service.
| Subprocessor | Purpose | Processing location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting, storage, databases, and backups for the entire Customerly platform | European Union |
| Microsoft Azure OpenAI Service | Large language model processing powering Aura, our AI customer support agent | European Union |
| Pinecone | Vector database for AI knowledge retrieval, grounding Aura's answers in your help center content | European Union |
| Stripe | Payment processing and subscription billing | European Union & United States |
| OneSignal | Push notification delivery to mobile and web devices | United States |
Other third-party services
These services distribute our applications but do not process your customers' personal data on our behalf:
- Apple App Store: Distribution of the Customerly iOS mobile application
- Google Play: Distribution of the Customerly Android mobile application
Changes to this list
We update this page whenever we engage a new subprocessor or replace an existing one. Material changes are notified to the email address registered under your Data Processing Agreement, so you can raise objections before the change takes effect.
For questions about our subprocessors or data processing practices, see our Security page and GDPR page, or contact us at legal@customerly.io.
Subprocessors FAQ
How Customerly selects, binds, and monitors its third-party providers.
A subprocessor is a third-party service provider that Customerly engages to process personal data on behalf of our customers as part of delivering our services, for example the cloud provider hosting our infrastructure. Under GDPR, we remain responsible for the data our subprocessors handle.
Before engaging a subprocessor we evaluate its security posture, certifications, and data protection practices. Every subprocessor is bound by a data processing agreement that ensures adequate technical and organizational measures, and access to personal data is limited strictly to what is necessary to deliver the subcontracted service, as set out in our Data Processing Agreement.
Hosting, databases, backups, and AI processing all run within the European Union. Where a subprocessor processes data outside the EU (for example payment or notification services), transfers rely on GDPR-compliant mechanisms such as Standard Contractual Clauses and the EU-US Data Privacy Framework.
We update this page whenever we add or replace a subprocessor. Material changes are communicated to the notification email registered under your Data Processing Agreement, giving you the opportunity to raise objections before the change takes effect.
Aura processes conversations through Azure OpenAI Service within the EU region, and knowledge retrieval runs on Pinecone in the EU region. These providers process the data solely to deliver the service to Customerly and are contractually bound not to use it for other purposes.

