Subprocessor List
Last updated: December 30, 2024
Release Technologies, Inc. ("Release") uses certain third-party service providers ("Subprocessors") to assist in providing our ephemeral environments platform services. This page lists all Subprocessors that may process Customer Data on our behalf.
Current Subprocessors
The following Subprocessors are currently authorized to process Customer Data:
| Subprocessor | Purpose/Service | Data Processed | Location |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure and hosting | All customer data, application data, logs | United States |
| Google Cloud Platform (GCP) | Cloud infrastructure (select services) | Application data, compute workloads | United States |
| Stripe | Payment processing | Billing information, payment details | United States |
| SendGrid | Transactional email delivery | Email addresses, notification content | United States |
| Datadog | Application monitoring and APM | Performance metrics, logs, traces | United States |
| Rollbar | Error tracking and monitoring | Error logs, stack traces, user context | United States |
| HubSpot | Customer relationship management | Contact information, communication history | United States |
| FreshPaint | Product analytics | Usage data, behavioral analytics | United States |
| GitHub | Source code hosting, CI/CD, OAuth | Repository data, authentication tokens | United States |
Subprocessor Categories
Infrastructure Providers
These Subprocessors provide the core infrastructure on which Release operates:
- Amazon Web Services (AWS): Primary cloud infrastructure provider for compute, storage, networking, and managed services including EC2, S3, RDS, EKS, and KMS.
- Google Cloud Platform (GCP): Secondary cloud infrastructure for specific workloads and services.
Payment Processing
- Stripe: Handles all payment processing, subscription management, and billing operations. Release does not store complete credit card numbers; this data is handled exclusively by Stripe.
Communication Services
- SendGrid: Delivers transactional emails including account notifications, alerts, and system communications.
Monitoring and Analytics
- Datadog: Provides application performance monitoring, infrastructure monitoring, and log aggregation for service reliability.
- Rollbar: Captures and tracks application errors to help maintain service quality.
- FreshPaint: Provides analytics infrastructure and data routing.
Business Operations
- HubSpot: Manages customer communications, support tickets, and relationship data.
- GitHub: Provides source code integration, OAuth authentication, and CI/CD pipeline connections.
Notification of Changes
How We Notify Customers
Release will notify customers of any changes to our Subprocessor list through the following means:
- Email notification: Customers who have subscribed to Subprocessor updates will receive email notification of any additions, removals, or changes.
- Website update: This page will be updated to reflect current Subprocessors.
- In-app notification: For material changes, we may provide notification through the Release platform.
Notice Period
Release provides at least 30 days' advance notice before engaging any new Subprocessor that will process Customer Data. This notice period allows customers to review the change and, if necessary, raise objections.
Objection Process
If you have concerns about a new Subprocessor, you may object by contacting us at security@release.com within the 30-day notice period. We will work with you in good faith to address your concerns. If we cannot resolve your concerns, you may terminate the affected services in accordance with your Agreement.
Subscribe to Updates
To receive notifications about Subprocessor changes, please send an email to security@release.com with the subject line "Subscribe to Subprocessor Updates" and include:
- Your company name
- The email address(es) to receive notifications
- Your Release account identifier (if applicable)
Security and Compliance
Subprocessor Requirements
All Subprocessors engaged by Release are required to:
- Maintain appropriate security certifications (such as SOC 2 Type 2)
- Enter into data processing agreements that include GDPR-compliant terms
- Implement technical and organizational measures to protect Customer Data
- Process data only as instructed by Release
- Notify Release promptly of any security incidents
Due Diligence
Before engaging any Subprocessor, Release conducts a security assessment that includes:
- Review of security certifications and audit reports
- Assessment of data protection practices
- Evaluation of technical security controls
- Review of privacy policies and terms
Ongoing Monitoring
Release continuously monitors Subprocessors for:
- Security certification renewals
- Changes to security posture
- Compliance with contractual obligations
- Security incidents or vulnerabilities
Data Transfer Mechanisms
For Subprocessors that process data outside the European Economic Area, Release ensures appropriate transfer mechanisms are in place, including:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions where applicable
- Additional safeguards as required by applicable law
Contact Us
For questions about our Subprocessors or to subscribe to update notifications:
Email: security@release.com
For general inquiries about our data processing practices, please refer to our Data Processing Agreement and Privacy Policy.
Release reviews and updates this Subprocessor list periodically. Please check back regularly or subscribe to updates to stay informed of any changes.