Last updated · May 19, 2026
Subprocessors
These are the categories of third-party service providers that may process data on Channl’s behalf to operate the Service. The current named list — including vendor, processing location, contract dates, and links to each vendor’s DPA — is available to customers and prospective customers under non-disclosure agreement. Material changes to the list (a new category or a new vendor in an existing category) are announced at least 30 days before they take effect. Subscribe to notifications at security@channl.ai.
Every sub-processor is bound by a written Data Processing Addendum requiring (a) processing only on Channl’s documented instructions, (b) confidentiality, (c) appropriate technical and organizational security measures, (d) assistance with data-subject-rights and incident response, and (e) SOC 2 Type 2 attestation, ISO 27001, or equivalent security-program documentation appropriate to the data they process.
| Category | Purpose | Data processed |
|---|---|---|
| Cloud hosting and edge network | Application hosting, content delivery, function runtime, log aggregation | HTTP request metadata, application logs, client IP at the edge |
| Managed databases | Relational, document, vector, and graph storage for product data and Customer Data | Customer Data, account records, audit logs |
| Caching, rate limiting, and queues | Ephemeral state, rate-limit counters, and background job dispatch | Session and request metadata; no Customer Data at rest beyond TTL windows |
| AI / large language model providers | Generative-AI features (research, drafting, scoring, summarization, classification, search) | Prompts and inputs required to deliver the requested feature; no training on Customer Data |
| Embedding providers | Vector embeddings for retrieval and semantic search | Text and metadata being embedded |
| Error and exception monitoring | Server and client error tracking and performance monitoring | Stack traces and scrubbed request metadata; PII removed before transmission |
| Product and performance analytics | Aggregated usage and performance measurement (reverse-proxied) | Event payloads, distinct ID, session ID; PII fields explicitly excluded |
| Uptime and availability monitoring | Synthetic health checks against public endpoints | Response codes and latencies; no request payloads |
| Internal alerting and notifications | Internal alerts to Channl personnel (e.g., new lead submissions) | Lead email, role, and company rendered as an internal message |
| Payment processing | Subscription billing and invoicing | Billing contact, card brand, last four digits, expiration, and payment-method tokens |
| Transactional email delivery | Account, security, and billing emails | Recipient email address and message body |
| Newsletter delivery | Opt-in marketing newsletter for Channl-published content | Subscriber email and open/click events |
| Customer-authorized email integrations | OAuth-based access to a customer-authorized email account where you connect one | Tokens and message data the customer authorizes, scoped to the integration |
| Event registration platform | Event sign-ups embedded on the marketing site | Data the visitor submits inside the embed; separately governed by that vendor |
| Public-data collection infrastructure | Retrieval of publicly available information used by research features | Public-source URLs and content; no submitted credentials |
Production data is processed and stored in the United States. Where personal data subject to GDPR, UK GDPR, or the Swiss FADP is transferred to a third country that has not received an adequacy determination, we rely on the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, or the Swiss FDPIC-approved variant, supplemented by encryption, access controls, and pseudonymization where appropriate.