Gleap uses the following sub-processors to provide its services. This page reflects the current operational list; the contractually authoritative version is Annex 8.10 of our Data Processing Addendum, which is updated in line with it. Under the DPA (§8), engaging a sub-processor beyond the annex requires the customer’s written consent — which may not be unreasonably withheld where equivalent data protection obligations are imposed on the new sub-processor — and customers are entitled to carry out inspections of sub-processors.
Infrastructure & hosting
- DigitalOcean, LLC (USA) — server location: EU, Frankfurt. Our main cloud provider: application servers, screenshot rendering, databases, and static file hosting.
- Microsoft Azure (Microsoft Corporation, USA) — server location: Germany, Frankfurt. Server hosting (application, screenshot rendering, Redis database), static file hosting, and LLM processing.
- Amazon Web Services (AWS EMEA SARL, Luxembourg) — server hosting (application, screenshot rendering, database) and static file hosting.
- Cloudflare, Inc. (USA) — server locations: worldwide. DNS management, static file delivery, and object storage (R2) for files uploaded through the Gleap widget and dashboard (e.g., screenshots and attachments).
Communication & delivery
- Postmark (ActiveCampaign, LLC, USA) — server location: USA. Transactional email delivery.
- Pusher Limited (UK) — server location: EU, Ireland. WebSocket infrastructure powering real-time features.
- Firebase (Google Ireland Limited, Ireland) — push notification delivery. This feature must be manually activated.
Billing
- Stripe, Inc. (USA) — payment provider for customer billing.
- Paddle.com Market Ltd. (UK) — payment provider for customer billing.
Monitoring
- New Relic, Inc. (USA) — server location: EU (Frankfurt, Germany). Application performance monitoring and logging for Gleap’s infrastructure; telemetry may include request metadata.
Agent integrations
- Composio, Inc. (USA) — integration platform powering custom-agent tool connections (e.g., third-party app actions and triggers configured by the customer).
AI providers (optional)
The following providers only process data when AI features are actively used. AI features are optional and can be fully disabled — contact us for details. Per our data processing agreements and enterprise/API terms, these providers are contractually prohibited from using submitted data to train or improve their models.
- OpenAI, L.L.C. (USA) — server location: USA.
- Anthropic PBC (USA) — server locations: US & EU.
- Google Ireland Limited (Ireland) — server locations: USA / EU. LLM processing through the Gemini API.
- X.AI LLC (xAI) (USA) — server location: EU, eu-west-1.
- OpenRouter, Inc. (USA) — LLM routing gateway used to access additional AI models (e.g., DeepSeek, Qwen, Kimi, MiniMax, GLM); requests are forwarded to the selected model provider under the same no-training terms.
- Mistral AI SAS (France) — server location: EU. LLM processing for Mistral models.
- Hangzhou DeepSeek Artificial Intelligence Basic Technology Research Co., Ltd. (China) — server location: China. Direct API used only as a fallback for DeepSeek models, which are primarily served via OpenRouter.
AI data processing
These services support Gleap’s AI features (knowledge base, Kai agents, and Kai Code) and process data only when those features are used:
- MongoDB, Inc. (Voyage AI) (USA) — embedding and reranking of knowledge-base content, tickets, and messages for AI search and retrieval.
- FoundryLabs, Inc. (E2B) (USA) — isolated cloud sandboxes in which Kai Code works on repositories the customer has connected.
- SideGuide Technologies, Inc. (Firecrawl) (USA) — crawling of customer websites for knowledge-base ingestion and web retrieval for Kai agents.
- TinyFish, Inc. (USA) — web search and page retrieval for Kai agents.
- Endless Labs, Inc. (Datalab) (USA) — conversion of uploaded documents (PDFs, spreadsheets) to machine-readable text for AI processing.
Questions
For questions about this list, data locations, or to be notified of sub-processor changes, email privacy@gleap.io.