Last updated: Feb 01, 2026
To support the delivery of our Services and the operation of our Websites, Ennote Security Inc. ("Ennote Security", "we", "us") engages third-party service providers. When these providers process Customer Data on our behalf, they are termed "Subprocessors".
Personal data processed on behalf of Customers to provide the core Services (e.g., email addresses, encrypted secret payloads, audit logs).
Data collected from public website visitors (e.g., marketing pages), such as IP addresses or cookies, used for analytics.
These entities are authorized to process Customer Data to provide the core functionality of the Ennote platform (hosting, security, billing).
| Entity | Nature of Processing | Location |
|---|---|---|
| Amazon Web Services (AWS) | Provides cloud hosting infrastructure for our Services, including storage, compute, and processing of Customer Data. | United States |
| Google Cloud Platform (GCP) | Provides secondary cloud hosting infrastructure and backup storage for Customer Data. | United States |
| Cloudflare | Provides Content Delivery Network (CDN), DDoS protection, and Web Application Firewall (WAF). Processes IP addresses and web traffic metadata. | United States / Global |
| Stripe | Processes credit card payments and subscription billing. Processes Customer Data related to payments (Billing Address, Tax ID). | United States |
| Postmark | Transactional email delivery (e.g., security alerts, team invites). Processes email addresses. | United States |
| Sentry | Real-time error tracking and bug reporting. May process technical error stack traces containing limited Customer Data. | United States |
| Datadog | Infrastructure monitoring and centralized log management. Processes operational data logs (excluding secret payloads). | United States |
| Atlassian (Jira Service Mgmt) | Customer support ticketing system. Processes data submitted via support requests. | United States |
| Google (Workspace) | Corporate email and document services. Processes data if shared via direct email communications with staff. | United States |
| Slack | Internal team communication. Incidental sharing may occur when discussing support issues (access strictly restricted). | United States |
These entities process data related to visitors of our public website. They do not have access to Customer Data stored within the Ennote Security application (e.g., your secrets or vault).
| Entity | Nature of Processing | Location |
|---|---|---|
| Google Analytics | Website analytics to understand visitor behavior. Processes IP, browser info (Website Visitor Data). No Customer Data. | United States |
| Meta Pixel | Ad campaign measurement and retargeting. Processes Website Visitor Data. No Customer Data. | United States |
| Microsoft Clarity | Session recordings and heatmaps to improve UX. Processes Website Visitor Data. No Customer Data. | United States |
As our business grows, the Subprocessors we engage may change. We adhere to the following notification process:
We will post any changes to this page immediately upon engagement of a new Subprocessor.
For Customers with a valid DPA, we will provide notice via email at least 30 days prior to authorizing any new Subprocessor to process Customer Data, providing an opportunity to object.