Notification of Changes
DryMerge will provide at least 30 days’ prior notice of the addition or replacement of any sub-processor by updating this page and sending an email notification to your account email address. You may subscribe to notifications by contacting privacy@drymerge.com.Infrastructure and Hosting Sub-processors
| Sub-processor | Purpose | Data Processed | Location | Privacy/DPA Link |
|---|---|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure, data storage, and hosting | All customer data including personal information, workflow data, and integrations | United States | AWS DPA |
AI and Machine Learning Sub-processors
| Sub-processor | Purpose | Data Processed | Location | Privacy/DPA Link |
|---|---|---|---|---|
| OpenAI | AI model inference for chatbot responses (only when explicitly enabled by customer) | Message text, automation context (when AI features are enabled) | United States | OpenAI Privacy Policy |
| Anthropic | AI model inference for chatbot responses (only when explicitly enabled by customer) | Message text, automation context (when AI features are enabled) | United States | Anthropic Privacy Policy |
- AI processing is opt-in only and requires explicit customer consent through an AI checkbox when creating automations
- OpenAI and Anthropic do not store customer data or use it to train their models
- Only the minimum necessary data is shared for inference purposes
- All processing is done in real-time without long-term storage
Analytics and Monitoring Sub-processors
| Sub-processor | Purpose | Data Processed | Location | Privacy/DPA Link |
|---|---|---|---|---|
| PostHog | Product analytics and feature usage tracking | User behavior data, anonymized usage metrics, feature flags | United States / EU | PostHog DPA |
| Google Analytics | Website analytics | Page views, user interactions, anonymized browsing data | United States | Google Analytics DPA |
Payment Processing Sub-processors
| Sub-processor | Purpose | Data Processed | Location | Privacy/DPA Link |
|---|---|---|---|---|
| Stripe | Payment processing and subscription management | Payment information, billing details, transaction data | United States | Stripe DPA |
Communication Sub-processors
| Sub-processor | Purpose | Data Processed | Location | Privacy/DPA Link |
|---|---|---|---|---|
| SendGrid (Twilio) | Transactional email delivery | Email addresses, email content, delivery metadata | United States | Twilio DPA |
| Slack | Internal team communications and support | Support ticket content, customer inquiries | United States | Slack DPA |
Integration Platform Sub-processors
DryMerge connects to various third-party platforms on behalf of customers. When a customer authorizes an integration, data may be processed by:| Integration Category | Examples | Data Processed | Note |
|---|---|---|---|
| CRM Systems | HubSpot, Salesforce, Attio, Pipedrive | Contact data, company data, deal information, activity logs | Customer-controlled via OAuth |
| Communication Tools | Gmail, Outlook, Slack, Microsoft Teams | Email content, messages, calendar events, contacts | Customer-controlled via OAuth |
| Productivity Apps | Google Workspace, Microsoft 365, Notion, Airtable | Documents, spreadsheets, databases, project data | Customer-controlled via OAuth |
| E-commerce Platforms | Shopify, WooCommerce, Stripe | Order data, customer information, product catalogs | Customer-controlled via OAuth |
| Marketing Tools | Mailchimp, ActiveCampaign, Intercom | Contact lists, campaign data, subscriber information | Customer-controlled via OAuth |
Data Transfer Mechanisms
For sub-processors located outside the European Economic Area (EEA), DryMerge ensures adequate data protection through:- Standard Contractual Clauses (SCCs): Approved by the European Commission for international data transfers
- Adequacy Decisions: Relying on adequacy decisions where applicable
- Supplementary Measures: Including encryption, access controls, and contractual commitments
Sub-processor Security Requirements
All sub-processors are required to:- Implement appropriate technical and organizational security measures
- Process data only in accordance with documented instructions
- Ensure confidentiality of personnel with access to personal data
- Assist with data subject rights requests and security incidents
- Delete or return data upon termination of services
- Submit to audits and provide compliance documentation
Objecting to a Sub-processor
If you object to DryMerge’s use of a new sub-processor, you may:- Notify us in writing at privacy@drymerge.com within 10 business days of receiving notice
- Provide specific reasons for your objection based on legitimate data protection concerns
- Work with us to identify alternative solutions
Additional Information
For questions about our sub-processors or to request additional information about data processing practices, please contact: DryMerge, Inc.Data Protection Officer
Email: privacy@drymerge.com For a copy of our Data Processing Agreement, visit: /legal-policies/data-processing-agreement/page
Note: This list is current as of the last updated date shown above. DryMerge reserves the right to add or change sub-processors with appropriate notice as outlined in our Data Processing Agreement.