To provide the Cognita platform we rely on a small set of third-party providers that may process personal data on our behalf. This page lists them and is kept current. Last updated 21 June 2026.
Each is engaged under a data-processing agreement and only for the purpose shown.
| Sub-processor | Purpose | Personal data | Entity location |
|---|---|---|---|
| Amazon Web Services | Cloud infrastructure — encryption keys (KMS) & evidence storage (S3) | Stored content, which may include personal data | United States (global regions) |
| Anthropic | AI model (Claude) powering AI-assisted features | Content submitted to AI features | United States |
| Clerk | Account authentication & identity | Name, email, authentication metadata | United States |
| Dubsado | Invoicing for partner engagements | Partner contact & invoice details | United States |
| Google (Workspace) | Corporate email — incl. inbound privacy/data-rights requests | Email content & addresses | United States (global infrastructure) |
| Inngest | Background job orchestration (incl. newsletter delivery scheduling) | Job event payloads | United States |
| PostHog | Product & funnel analytics | Pseudonymous usage events | European Union (EU Cloud) |
| Railway | Application hosting & primary database | All stored personal data | United States |
| Resend | Transactional & newsletter email delivery | Recipient email address & message content | United States (us-east-1, N. Virginia) |
| Sentry | Application error monitoring | Diagnostic data, which may incidentally include personal data | United States |
| Stripe | Payments & billing | Billing contact & payment metadata | United States |
| WorkOS | Enterprise SSO & directory sync (when enabled by a customer) | Workforce identity (name, email) | United States |
Where a sub-processor processes data outside the European Economic Area or the United Kingdom, that transfer is protected by appropriate safeguards — typically the EU Standard Contractual Clauses (and the UK Addendum) incorporated into our agreement with the provider.
We update this page before a new sub-processor begins processing personal data. Customers with a data-processing agreement may subscribe to change notifications — email [email protected] to be added. For the newsletter specifically, see how we handle your data on the privacy notice.
Data-protection questions, or a GDPR access / erasure request? Email [email protected].