Subprocessors
A current list of subprocessors we use, what they do, and how we evaluate and manage vendor risk. We also list certain offline,
licensed datasets used internally that do not receive customer data.
Last updated: December 16, 2025
Vendor risk management
We select vendors based on security posture, data access scope, and service criticality. We limit the data shared to what is necessary,
restrict credentials and access, and monitor for availability and integration issues.
- Due diligence: vendor review appropriate to the sensitivity of data and the service provided.
- Least data: only the data needed for a service function is processed by the vendor.
- Access restriction: credentials and vendor access are controlled and limited.
- Change management: material subprocessor changes are managed and communicated on request.
Change notifications
We update this page when subprocessors change. If your organization requires formal notification terms (for example, 30 days’ notice),
contact us and we’ll coordinate.
Infrastructure & hosting subprocessors
DigitalOcean
Purpose: application hosting (droplets), load balancing, managed database.
Data: customer account data, workspace configuration, derived metadata and reporting data.
Region: configured region.
Data: customer account data, workspace configuration, derived metadata and reporting data.
Region: configured region.
Amazon Web Services (AWS) – Amazon SageMaker
Purpose: secure processing for classification and culture inference.
Data: short-lived inputs required for inference; derived results returned to the application.
Region: configured region.
Data: short-lived inputs required for inference; derived results returned to the application.
Region: configured region.
AI assistance subprocessors (optional feature)
Workplace.io offers an optional interactive chat feature that can help users interpret dashboards and metrics. When enabled and used,
this feature may send customer-provided prompts and limited dashboard context to a third-party AI provider. This is separate from our
culture classification system, which runs on AWS SageMaker.
OpenAI
Purpose: interactive chat and explanation feature (customer-initiated).
Data: customer prompts and limited dashboard context required to respond (minimized).
Notes: not used for classification; classification and inference runs on AWS SageMaker. API data is not used to train OpenAI models.
Data: customer prompts and limited dashboard context required to respond (minimized).
Notes: not used for classification; classification and inference runs on AWS SageMaker. API data is not used to train OpenAI models.
Inference note
Inference workloads run on AWS SageMaker. We do not publicly disclose model architecture, training data, or internal signal taxonomy.
Communications subprocessors
Postmark
Purpose: transactional email delivery.
Data: email address and email content for system emails (for example invites, notices).
Region: varies by provider configuration.
Data: email address and email content for system emails (for example invites, notices).
Region: varies by provider configuration.
Billing subprocessors
Stripe
Purpose: payment processing and billing.
Data: billing contact details and payment-related metadata.
Region: varies by provider configuration.
Data: billing contact details and payment-related metadata.
Region: varies by provider configuration.
Note
If Stripe is not used for your account, it will not process your data.
Partner Program subprocessors
The following vendor is used only for Partner Program payout operations. It is not used for core Workplace.io
analytics, Slack/Teams ingestion, or customer reporting.
Trolley
Purpose: partner/affiliate payout processing.
Data: partner contact details and payout method information (and tax documentation if applicable).
Region: varies by provider configuration.
Data: partner contact details and payout method information (and tax documentation if applicable).
Region: varies by provider configuration.
Third-party data sources (offline)
These providers supply licensed datasets that we download and use internally. They do not receive customer IP addresses or other customer
data from us as part of this use.
MaxMind
Purpose: IP geolocation reference data.
How used: we download a dataset and perform lookups internally; customer IP addresses are not sent to MaxMind.
How used: we download a dataset and perform lookups internally; customer IP addresses are not sent to MaxMind.
Third-party platforms (customer-controlled)
Some third-party platforms may be involved in (1) user authentication (SSO) and/or (2) customer-authorized data source integrations.
These platforms are connected and authorized by the customer. Workplace.io only accesses them under the permissions granted by your
administrators and configuration.
Slack
Role(s): user sign-in (SSO), customer-authorized collaboration data source.
Notes: access is scoped by authorization and configured features; disconnecting the integration stops future ingestion.
Notes: access is scoped by authorization and configured features; disconnecting the integration stops future ingestion.
Microsoft Teams (Microsoft Entra ID)
Role(s): user sign-in (SSO), customer-authorized collaboration data source.
Notes: access is scoped by authorization and configured features; some tenants require admin consent for certain permissions.
Notes: access is scoped by authorization and configured features; some tenants require admin consent for certain permissions.
Google
Role(s): optional identity provider for user sign-in (SSO).
Notes: used only for authentication when selected by the user; does not grant access to Slack/Teams workspace data.
Notes: used only for authentication when selected by the user; does not grant access to Slack/Teams workspace data.