Sub-processors
Last updated 12 June 2026 · Effective 3 June 2026
To provide GG we use the third-party providers ("sub-processors") below. Each is bound by a data-processing agreement with obligations at least as protective as our own Data Processing Addendum. We update this page before adding or replacing a sub-processor.
Current sub-processors
| Provider | Service | Data processed | Location |
|---|---|---|---|
| Anthropic | AI summarisation, intent classification and enrichment evaluation (Claude) | Communication content and client data sent at request time to generate output; not used to train models | USA / EU |
| Stripe | Payment processing & billing | Billing contact, plan, payment-method tokens (card data handled by Stripe) | USA / EU |
| Resend | Transactional & invite email delivery | Recipient email, name and message content | USA / EU |
| [Hosting provider — e.g. IONOS] | Cloud hosting, database & backups | All Customer Data at rest | EU |
Planned / activated when you connect a channel
The following are used only if your workspace enables the relevant live communication channel. Until you connect a channel, no data flows to them.
| Provider | Service | Data processed | Location |
|---|---|---|---|
| [Email provider — e.g. Nylas] | Mailbox connection & email sync | Email metadata and content from connected mailboxes | USA / EU |
| [Messaging/voice — e.g. Twilio] | WhatsApp & voice connectivity | Phone numbers, message and call metadata/content | USA / EU |
| [Transcription — e.g. Deepgram] | Call transcription | Call audio for transcription | USA |
| [Enrichment — e.g. OpenCorporates] | Company registry enrichment | Company names/identifiers queried for enrichment | EU / UK |
Public data sources (not sub-processors)
- EU VIES — VAT number validation and EU company details.
- Public web & registries — used for confirm-before-save client enrichment; we read public information, we do not send your Customer Data to them.
Change notices
To be notified of changes to this list, email legal@taskgg.com and ask to be added to our sub-processor notification list. Under the DPA you may object to a new sub-processor on reasonable data-protection grounds.
Template for transparency, not legal advice. Keep this list accurate — it is a GDPR obligation. Replace bracketed providers with the vendors you actually use and confirm each one’s processing location and DPA before launch.