Subprocessors
Last updated: March 9, 2026
The following is a list of third-party subprocessors authorized to process personal data on behalf of CloudRepo (ChenPo LLC). All subprocessors have been reviewed for their security practices and hold relevant compliance certifications.
| Subprocessor | Purpose | Data Processed | Compliance |
|---|---|---|---|
| Amazon Web Services (AWS) | Infrastructure, storage, compute | All customer data and artifacts | SOC 2, ISO 27001, FedRAMP |
| Braintree/PayPal | Payment processing | Billing information | PCI DSS Level 1, SOC 2 |
| GitHub | Source code management | No customer data | SOC 2, ISO 27001 |
| Postmark | Transactional email | Email addresses, notification content | SOC 2 |
| Grafana Cloud | Monitoring and observability | System metrics, logs (no PII) | SOC 2 |
| Amplitude | Product analytics | Anonymized usage data | SOC 2 |
| Intercom | Customer support | Support conversations, email | SOC 2 |
| Sentry | Error tracking and monitoring | Application error data, session metadata | SOC 2 |
| Google Tag Manager | Marketing analytics | Anonymized browsing data | SOC 2 |
| n8n (Cloud) | Workflow automation | Operational data | SOC 2 |
| Supabase | Billing and operational systems | Billing contacts, operational records | SOC 2 |
| Baserow (Cloud) | Billing and operational systems | Billing contacts, operational records | SOC 2 |
Changes to Subprocessors
CloudRepo will notify customers of any changes to this subprocessor list at least 30 days before the change takes effect. Notifications are sent via email to the account owner's registered email address.
If you have concerns about a new subprocessor, please contact us at security@cloudrepo.io within 14 days of notification.
For more information about our security practices, visit our Trust Center.