Sub-Processor List

Sub-processor List

Junify engages the Sub-processors listed below to support the delivery of the Junify Services. All Sub-processors act as Junify's processors and may process limited personal data strictly in accordance with Junify's instructions, our Data Processing Addendum, and applicable data protection laws. For certain optional features (for example analytics, notifications, or AI features), the corresponding Sub-processors are only used if the feature is enabled by the Customer.

For information about third parties that process personal data as independent controllers for their own purposes, please refer to the Independent Controllers List .

Core Infrastructure

Name	Purpose	Data Shared with Sub-processor	Location	International Transfer Mechanism
Amazon Web Services	Cloud Service Provider	Session recordings generated by the Service (e.g., audio, video and/or screen content) and associated metadata (timestamps, internal user IDs, workspace identifiers). Technical metadata related to access to session recordings, such as IP address, device and browser information, and system logs. Any additional data that Customers choose to include in session recordings, which may contain personal data.	Primary Processing Location: United States	SCCs
Cloudflare	Web application firewall (WAF), content delivery network (CDN), DDoS protection, and DNS services to secure and optimize traffic to the Junify Services.	End-user IP addresses and approximate location derived from IP. HTTP(S) request and response metadata (e.g., URLs, headers, cookies, user agent, referrer). Security and performance logs, including firewall events, rate-limiting events, and error logs. Encrypted traffic content may transit Cloudflare's network for the purpose of routing and caching.	Primary Processing Location: United States	SCCs
SendGrid	Email service provider for sending transactional and service-related emails	Recipient and sender identifiers: name, email address. Email message metadata: subject line, send time, delivery status, and engagement events (opens, clicks, bounces). Email body content for transactional emails generated by the Service, which may contain limited personal data depending on the email template.	United States	SCCs
Stripe	Payment Provider	Billing contact details: name, email address, billing address, company name (where provided). Payment information necessary to process a transaction (e.g., payment method tokens, last four digits of card number, expiry date, billing postal code). Transaction data: amount, currency, timestamps, and high-level payment status. Fraud-prevention and compliance-related metadata (e.g., IP address and device information associated with the payment event). Junify does not store full credit card numbers; Stripe acts as our PCI-DSS compliant payment processor.	United States	SCCs
Heroku	Cloud Service Provider	Primary application hosting platform used to run the Junify Services and serve traffic to end users. Application data transmitted through the Junify Services (requests and responses), which may include personal data submitted by Customers and end users. Application and system logs, including IP addresses, request paths, timestamps, and error messages. Configuration data and internal identifiers required to operate the application (e.g., environment variables with non-sensitive configuration data).	Primary Processing Location: United States	SCCs
Segment	Event data collection and routing	Application event data (e.g., login events, feature usage events, configuration changes). Audit log events, including internal user IDs, role information, and timestamps for actions taken within the Junify Services. Technical metadata: IP address, device and browser information, and referrer URLs, where collected. Identifiers such as email address or organization ID, where configured for event tracking.	United States	SCCs
BugSnag	Error monitoring and bug-tracking service used to detect, diagnose, and resolve application errors.	Error and exception reports including stack traces, file names, error messages, and environment metadata. Technical information about the device and environment (e.g., operating system, app version, browser type). IP address and request metadata where necessary to reproduce and investigate errors, subject to data scrubbing rules configured by Junify. Internal identifiers (e.g., user ID or session ID) where configured to help reproduce bugs; direct contact details are excluded where possible.	United States	SCCs
New Relic	Application Performance Monitoring	Telemetry and performance data such as response times, throughput, error rates, and resource utilization. Application and infrastructure logs, which may include IP addresses, request paths, and error messages. Traces and metrics associated with specific requests, containing internal service and endpoint identifiers. To the extent configured, limited user identifiers (e.g., hashed user ID) to correlate performance issues with user experience; direct contact information is not required and is avoided wherever possible.	United States	SCCs
OneSignal	Notifications	Recipient identifiers such as device tokens, browser push tokens, or internal user IDs. Optional profile attributes used for targeting, for example workspace or organization ID, role, language, or time zone. Notification content: title and body of the notification message, which may contain information about schedules, working hours, or announcement content as configured by the Customer. Optional segmentation data (e.g., geofencing or working-hour windows) where explicitly configured to deliver time- or location-based notifications.	United States	SCCs
Mixpanel	Product Analytics	Pseudonymous user identifiers (e.g., internal user ID or hashed identifier). Where configured by the Customer or Junify: name and email address for account-level analytics and cohort building. Usage events, such as page views, feature usage, button clicks, and session duration. Device and technical information: IP address (optionally truncated), user agent, operating system, browser type, and approximate location.	United States	SCCs
LaunchDarkly	Feature flag management to enable or disable specific product features per customer.	Feature flag keys and configuration details. User targeting attributes used for flag evaluation, typically pseudonymous identifiers (e.g., internal user ID, role, organization ID). Evaluation and event logs (e.g., which flag variation a user received, timestamps). Optional: additional attributes (e.g., plan type or environment) where configured by Junify; personal contact data is not required for feature flagging and is avoided where possible.	United States	SCCs

Optional Feature

Name	Purpose	Data Shared with Sub-processor	Location	International Transfer Mechanism
OpenAI	Generative AI large language model provider used to power Junify's optional AI features	Only when a Customer Admin has enabled generative AI features for the relevant users and an end user invokes those features, OpenAI may process: Input data sent as prompts or context, including: text or instructions that users type or select; relevant portions of documents, PDFs, configuration data or other Customer Content that a feature is designed to analyse; extracts or summaries of logs, activity histories or other Admin-authorised data; limited metadata from Third-Party App or Integration Data where needed for the requested operation. AI-generated outputs returned to Junify, such as summaries, explanations or classifications of PDFs, logs or other content, suggested text or actions for users, and proposed steps for AI agents to perform in the user's browser or workflow. Usage and performance metadata relating to AI feature usage, such as timestamps, feature identifiers, request identifiers and technical error information used for monitoring, troubleshooting and security.	United States	SCCs