Legal
Sub-processors
Last updated: 16 April 2026
This page lists the third-party organisations (“Sub-processors”) that Akaro AI engages to process Personal Data on behalf of its customers, as contemplated by the Data Processing Agreement. We maintain data-processing contracts with each Sub-processor that impose data-protection obligations substantially equivalent to those in the DPA.
We will give notice of any new Sub-processor at least 30 days before it starts processing customer data, by updating this page. To receive notifications by email, write to [email protected] with the subject “Subscribe — Sub-processor updates.”
Currently active
| Service | Purpose | Data | Location |
|---|---|---|---|
| Hostinger Hostinger International Ltd. | Virtual server hosting (compute and storage) for the Akaro backend, vector store, and uploaded files | All customer content and user records stored on the platform disk; server-side logs | United States (Boston, Massachusetts) |
| Cloudflare Cloudflare, Inc. | Reverse proxy, DDoS protection, web application firewall, CDN, and TLS termination for akaro.ai, www.akaro.ai, and platform.akaro.ai. api.platform.akaro.ai bypasses Cloudflare (DNS-only) to preserve long-lived server-sent event streams used by the chat UI. | Request metadata (source IP address, user-agent, request path, headers); request and response bodies are visible to Cloudflare at the edge because TLS is terminated there before the traffic is re-encrypted to the origin | United States / global (Cloudflare anycast edge network) |
| MongoDB Atlas MongoDB, Inc. | Managed database for user accounts, organisations, projects, documents metadata, chat sessions, activity logs | User records, organisation records, document metadata, chat history, activity logs, encrypted connector tokens | United States — AWS US East (N. Virginia, us-east-1) |
| OpenAI OpenAI, L.L.C. | Generation of embeddings (text-embedding-3-small) and large-language-model completions (GPT-4o / gpt-4o-mini) for search, answer generation, and reranking | User queries, retrieved document excerpts, recent conversation turns, attachment text, organisation display name | United States |
| Google Workspace (Gmail SMTP) Google LLC | Transactional email delivery (email verification, password reset, team invitations, @mention notifications) | Recipient name and email, message content | United States / global |
| Google Identity Platform Google LLC | OAuth 2.0 authentication for Sign in with Google | Google account identifier, email, name, profile picture URL | United States / global |
| Google APIs — Drive, Docs, Sheets, Slides, Gmail Google LLC | Optional connectors and the Chrome extension — import of documents into the knowledge base and in-browser AI assistance on the user’s action | File and email content the user explicitly selects or is viewing | United States / global |
| Notion Notion Labs, Inc. | Optional Notion connector for importing pages into the knowledge base | Pages and databases within workspaces the user authorises | United States |
| Atlassian Confluence Atlassian Pty Ltd | Optional Confluence connector for importing pages into the knowledge base | Pages within spaces the user authorises | United States / Australia |
| Slack Slack Technologies, LLC | Optional Slack connector for importing channel messages into the knowledge base | Messages and basic user metadata from channels the user authorises | United States |
| Salesforce Salesforce, Inc. | Optional Salesforce connector for importing CRM records into the knowledge base | Records the user selects (accounts, contacts, opportunities) | Customer-selected Salesforce region |
| HubSpot HubSpot, Inc. | Optional HubSpot connector for importing CRM records into the knowledge base | Records the user selects (companies, contacts, deals) | United States / EU (customer-selected) |
| DuckDuckGo (optional) Duck Duck Go, Inc. | Optional web-search feature in chat when a user enables it; returns web results to ground answers | The user’s search query | United States |
| BetterStack BetterStack, s.r.o. | External uptime monitoring and public status page (status.akaro.ai) | Uptime probe results (HTTP response codes, response latency) for health-check endpoints; no customer content. Incident titles displayed on the public status page are authored by Akaro, not imported from customer data. | European Union / global |
Planned (not yet active)
Services listed below have been selected but are not yet processing customer data. We will confirm their activation by updating the “Last updated” date and moving them into the Active table, with at least 30 days’ prior notice.
| Service | Purpose | Data | Location |
|---|---|---|---|
| Sentry Functional Software, Inc. | Error and performance monitoring for the platform frontend and backend | Diagnostic telemetry including stack traces, HTTP request metadata, browser type, and user identifier; sensitive payloads are scrubbed | United States / EU (region to be selected) |
| Stripe Stripe, Inc. (and Stripe Payments India Pvt. Ltd. where applicable) | Billing, subscription management, and payment processing for paid plans | Account billing contact, subscription metadata, payment card tokens; Stripe is a PCI-DSS Level 1 service provider and Akaro does not see or store full card numbers | United States / global |
Other operational tooling
In addition to the Sub-processors above, we use internal tools (such as source code hosting on GitHub, cloud DNS, SSL certificate issuance via Let’s Encrypt, and Google Workspace for our own business email and documents) that do not routinely access customer Personal Data. We list these here for transparency:
- GitHub (Microsoft Corporation) — source code hosting and CI; no customer Personal Data.
- Let’s Encrypt — TLS certificates for akaro.ai, platform.akaro.ai, and api.platform.akaro.ai.
- Google Workspace — our own business email (including
privacy@,security@,dpo@aliases) and internal docs; used only for communications with customers and internal operations.
Contact
Questions about sub-processors, or to object to a planned change:
Email: [email protected]