Documentation Index
Fetch the complete documentation index at: https://docs.drymerge.com/llms.txt
Use this file to discover all available pages before exploring further.
Last Updated: October 22, 2025
This page lists the third-party sub-processors that DryMerge, Inc. (“DryMerge”) uses to process customer data in connection with providing our Services. This list is maintained in accordance with our Data Processing Agreement.
Notification of Changes
DryMerge will provide at least 30 days’ prior notice of the addition or replacement of any sub-processor by updating this page and sending an email notification to your account email address. You may subscribe to notifications by contacting privacy@drymerge.com.
Infrastructure and Hosting Sub-processors
| Sub-processor | Purpose | Data Processed | Location | Privacy/DPA Link |
|---|
| Amazon Web Services (AWS) | Cloud infrastructure, data storage, and hosting | All customer data including personal information, workflow data, and integrations | United States | AWS DPA |
AI and Machine Learning Sub-processors
| Sub-processor | Purpose | Data Processed | Location | Privacy/DPA Link |
|---|
| OpenAI | AI model inference for chatbot responses (only when explicitly enabled by customer) | Message text, automation context (when AI features are enabled) | United States | OpenAI Privacy Policy |
| Anthropic | AI model inference for chatbot responses (only when explicitly enabled by customer) | Message text, automation context (when AI features are enabled) | United States | Anthropic Privacy Policy |
- AI processing is opt-in only and requires explicit customer consent through an AI checkbox when creating automations
- OpenAI and Anthropic do not store customer data or use it to train their models
- Only the minimum necessary data is shared for inference purposes
- All processing is done in real-time without long-term storage
Analytics and Monitoring Sub-processors
| Sub-processor | Purpose | Data Processed | Location | Privacy/DPA Link |
|---|
| PostHog | Product analytics and feature usage tracking | User behavior data, anonymized usage metrics, feature flags | United States / EU | PostHog DPA |
| Google Analytics | Website analytics | Page views, user interactions, anonymized browsing data | United States | Google Analytics DPA |
Payment Processing Sub-processors
| Sub-processor | Purpose | Data Processed | Location | Privacy/DPA Link |
|---|
| Stripe | Payment processing and subscription management | Payment information, billing details, transaction data | United States | Stripe DPA |
Communication Sub-processors
| Sub-processor | Purpose | Data Processed | Location | Privacy/DPA Link |
|---|
| SendGrid (Twilio) | Transactional email delivery | Email addresses, email content, delivery metadata | United States | Twilio DPA |
| Slack | Internal team communications and support | Support ticket content, customer inquiries | United States | Slack DPA |
| Integration Category | Examples | Data Processed | Note |
|---|
| CRM Systems | HubSpot, Salesforce, Attio, Pipedrive | Contact data, company data, deal information, activity logs | Customer-controlled via OAuth |
| Communication Tools | Gmail, Outlook, Slack, Microsoft Teams | Email content, messages, calendar events, contacts | Customer-controlled via OAuth |
| Productivity Apps | Google Workspace, Microsoft 365, Notion, Airtable | Documents, spreadsheets, databases, project data | Customer-controlled via OAuth |
| E-commerce Platforms | Shopify, WooCommerce, Stripe | Order data, customer information, product catalogs | Customer-controlled via OAuth |
| Marketing Tools | Mailchimp, ActiveCampaign, Intercom | Contact lists, campaign data, subscriber information | Customer-controlled via OAuth |
Data Transfer Mechanisms
For sub-processors located outside the European Economic Area (EEA), DryMerge ensures adequate data protection through:
- Standard Contractual Clauses (SCCs): Approved by the European Commission for international data transfers
- Adequacy Decisions: Relying on adequacy decisions where applicable
- Supplementary Measures: Including encryption, access controls, and contractual commitments
Sub-processor Security Requirements
All sub-processors are required to:
- Implement appropriate technical and organizational security measures
- Process data only in accordance with documented instructions
- Ensure confidentiality of personnel with access to personal data
- Assist with data subject rights requests and security incidents
- Delete or return data upon termination of services
- Submit to audits and provide compliance documentation
Objecting to a Sub-processor
If you object to DryMerge’s use of a new sub-processor, you may:
- Notify us in writing at privacy@drymerge.com within 10 business days of receiving notice
- Provide specific reasons for your objection based on legitimate data protection concerns
- Work with us to identify alternative solutions
We will use reasonable efforts to accommodate valid objections, including making available changes in the Services or recommending configuration adjustments.
For questions about our sub-processors or to request additional information about data processing practices, please contact:
DryMerge, Inc.
Data Protection Officer
Email: privacy@drymerge.com
For a copy of our Data Processing Agreement, visit: /legal-policies/data-processing-agreement/page
Note: This list is current as of the last updated date shown above. DryMerge reserves the right to add or change sub-processors with appropriate notice as outlined in our Data Processing Agreement.
