We use certain third-party service providers ("subprocessors") to process personal data on behalf of our customers in connection with our services. These subprocessors are bound by data processing agreements and are contractually required to handle your data securely. A list of our subprocessors is shown below:
| Vendor | Category | Purpose | Location |
| HubSpot, Inc. | CRM | Customer relationship management platform used to manage contacts, deals, and sales pipeline data. | United States |
| Gong.io Inc. | Conversation Intelligence | AI-powered revenue intelligence platform that records, transcribes, and analyzes customer-facing sales conversations. | United States |
| Microsoft Corporation | Productivity Suite | Office productivity suite providing email (Exchange/Outlook), document creation and editing (Office applications), and cloud file storage (OneDrive / SharePoint). | United States |
| Nuvei Technologies Inc. | Payments | PCI-DSS compliant payment processing platform used for credit card transaction processing and related financial data handling. | United States |
| PandaDoc, Inc. | Electronic Signature | Document workflow and electronic signature platform used to create, send, and execute legally binding digital agreements and contracts. | United States |
| Twilio Inc. | SMS / Communications | Cloud communications platform used for delivery of SMS one-time passcodes (OTPs) for multi-factor authentication (MFA). | United States |
| Zoom Communications, Inc. | Video & Conferencing | Video and voice conferencing platform used for internal and external meetings, phone calls, call recordings, and meeting transcription. | United States |
| Lateetud Inc. | Document Intelligence | AI-driven document intelligence and intelligent automation services for data extraction, processing, and digital transformation workflows. | United States |
Objection Rights. If you have executed a Data Processing Agreement (DPA) with us, you may object to a new or changed subprocessor by contacting dataprivacy@creditriskmonitor.com within 30 days of the notification. Please include your company name, the name of the subprocessor, and the grounds for objection. For more information, see our Privacy Policy and Data Processing Agreement.