Effective Date: March 5, 2025
Introduction
Vinyl is committed to transparency regarding how we process your data. This page lists the third-party subprocessors we use to deliver our services. A subprocessor is a third-party data processor who has access to personal data of our customers and their end-users in order to provide specific services.
We carefully select and continuously monitor our subprocessors to ensure they maintain appropriate security and privacy standards. All subprocessors have entered into appropriate data processing agreements with Vinyl that ensure they provide at least the same level of privacy and security protection as specified in our Privacy Policy and Terms of Service.
Current Subprocessors
Infrastructure and Hosting
Subprocessor Category
Purpose
Location
Security/Compliance Certifications
Amazon Web Services (AWS)
Primary infrastructure hosting, data storage, database services, and backup storage
Australia
ISO 27001, SOC 1/2/3, GDPR Compliant
AWS CloudFront
Content delivery network for optimization of content delivery and website performance
Global (primary servers in Australia)
ISO 27001, SOC 2, GDPR Compliant
Webflow
Website hosting
United States
SOC 2, GDPR Compliant
Subprocessor Category
Purpose
Location
Security/Compliance Certifications
Assembly AI
Converting audio recordings to text transcriptions
United States
SOC 2, ISO 27001, GDPR Compliant
Anthropic
Generating meeting summaries, action items, and analysis of transcript data
United States
SOC 2, GDPR Compliant
Subprocessor Category
Purpose
Location
Security/Compliance Certifications
Stripe
Processing subscription payments and managing billing
United States
PCI DSS Level 1, SOC 1/2, ISO 27001
Intercom
Customer support platform and communication
United States
SOC 2, ISO 27001, GDPR Compliant
SendGrid
Sending service notifications and email communications
United States
SOC 2, ISO 27001, GDPR Compliant
Segment
Customer data platform and analytics
United States
SOC 2, GDPR Compliant
Attio
CRM platform for managing customer relationships and sales processes
United States
SOC 2, GDPR Compliant
Security and Compliance
All subprocessors are required to maintain:
- Comprehensive security programs aligned with industry standards
- Data encryption for data in transit and at rest
- Access controls to ensure data is only accessible to authorized personnel
- Regular security assessments including penetration testing
- Business continuity and disaster recovery plans
- Employee security awareness training
Updates to Subprocessors
We may update this list from time to time as we add or remove subprocessors. For customers with a Data Processing Agreement (DPA), we will provide notice of new subprocessors in accordance with the notification terms in the DPA.
If you have questions or concerns about our subprocessors, please contact us at hello@usevinyl.com.
International Data Transfers
Where subprocessors are located outside of the European Economic Area (EEA), Australia, or the customer's jurisdiction, we ensure appropriate safeguards are in place in accordance with applicable data protection laws. These safeguards include:
- Ensuring subprocessors are located in countries with adequate data protection determinations
- Implementing Standard Contractual Clauses (SCCs) approved by the European Commission
- Requiring subprocessors to maintain appropriate security certifications
Subprocessor Due Diligence
Before engaging any new subprocessor, Vinyl conducts thorough due diligence to evaluate their security, privacy, and compliance posture. This includes:
- Review of security documentation and certifications
- Assessment of data protection practices
- Contractual safeguards including data processing terms
- Ongoing monitoring for compliance
For enterprise customers requiring additional information about specific subprocessors for compliance purposes, please contact hello@usevinyl.com.
