Legal · Transparency

Sub-Processors

Last updated: May 10, 2026

1. What this is

HelpWin LLC uses third-party service providers ("sub-processors") to deliver our B2B SaaS platform. This page lists the sub-processors we currently use, what they do for HelpWin, what categories of data they may access, and where they operate. We publish this list as part of our commitment to transparency and to help our clients meet their own privacy obligations.

We update this list when our sub-processor relationships change. We recommend bookmarking this page or contacting [email protected] to be notified of material changes.

2. Active sub-processors

Vendor	Purpose	Data Categories	Region
Cloudflare, Inc.	Edge hosting, DNS, CDN, DDoS protection, Workers compute platform for our backend services	Request metadata (IP, user-agent, paths), cached content, Worker-processed payloads	USA · Global edge
Supabase, Inc.	Primary application database, authentication, file storage	All HelpWin application data including client accounts, end-customer bookings, employee records, SMS logs, audit trails	USA
Resend (Resend, Inc.)	Transactional email delivery (account emails, booking confirmations, daily lead digests, password resets)	Email addresses, message subjects and bodies, delivery metadata	USA
Square, Inc. (Block, Inc.)	Subscription billing, payment processing, recurring charges, dunning. PCI DSS Level 1 certified.	Billing contact info, subscription status, payment metadata. HelpWin does not store credit card numbers, CVVs, or full PAN data.	USA
Twilio, Inc.	Two-way SMS infrastructure for booking reminders, confirmation messages, opt-out handling. A2P 10DLC registered.	Phone numbers, message content, delivery status, consent state	USA
Sentry (Functional Software, Inc.)	Application error tracking and performance monitoring. PII scrubbing applied per Sentry config.	Stack traces, request paths, anonymized session metadata. Sensitive fields scrubbed before transmission.	USA
Google LLC (Maps Platform)	Address autocomplete on signup and request forms (Places Autocomplete API)	Address strings entered by users during form fill (no persistent profile shared)	USA · Global

Vendor security review program. HelpWin reviews each named sub-processor on an ongoing cadence as part of our cybersecurity program (aligned to CIS Controls v8 IG1 and Ohio Data Protection Act safe harbor). Reviews cover: SOC 2 / ISO 27001 status, data residency, DPA/sub-processor terms, and any reported incidents. We onboard new sub-processors only after this review completes.

3. Adding new sub-processors

Before we onboard a new sub-processor, we evaluate them against our vendor security review checklist. When we add or remove a sub-processor that materially affects how client or end-customer data is handled, we update this page. Material additions include any vendor that processes client account data, end-customer PII, SMS content, payment metadata, or scheduling/booking records.

4. How to subscribe to changes

Email [email protected] with subject "Subprocessor notification opt-in" and we will add you to a notification list for material changes. We will give at least 30 days' notice before adding a new sub-processor that processes end-customer PII, except where the change is required for security or legal reasons.

5. Related documents

Privacy Policy — how we use the data described here
Data Processing Addendum — contractual terms for B2B clients
Terms of Service — overall platform agreement
DMCA Policy — copyright takedown procedure

Questions about this list or any vendor in particular? Email [email protected].