Trust & Compliance

Sub-processors

This page lists the sub-processors SalesSign uses to deliver the service, in line with Article 28(2) of the GDPR: the third-party providers SalesSign engages, what each one does, the data it handles and the region it operates in. This is a living register; we give advance notice before we add or replace a sub-processor.

Last updated: 3 June 2026

What is a sub-processor?

When you use SalesSign, we act as a processor of personal data on your behalf — you remain the controller. A sub-processor is a third party we engage to help us provide the service, and which may process personal data in the course of doing so. Examples of the kinds of functions a sub-processor might perform include hosting, infrastructure, error monitoring, email delivery and customer-support tooling.

This page is the authoritative, up-to-date register of the sub-processors we use. It exists so that procurement, security and legal reviewers can see — without having to ask — exactly who is in our supply chain, what they touch and where they sit. Our use of each sub-processor is governed by our Data Processing Agreement and by written terms with that sub-processor that impose data-protection obligations no less protective than our own.

Where your documents and CRM data live

SalesSign is a Salesforce-native application. Your proposals, signed documents and CRM records remain inside your own Salesforce org — they are not copied into a separate SalesSign data store as a matter of course. Salesforce is therefore your own platform provider rather than a SalesSign sub-processor; the sub-processors listed below are the providers we rely on to operate the parts of the service that sit outside your Salesforce org. For more on how the application is built, see Security & Trust.

Note — the SalesSign marketing website (this site) and the SalesSign application run on separate infrastructure. A provider that supports only the public website does not, by virtue of that, have any access to customer data in the application.

Current sub-processors

The register below is populated with placeholder rows pending confirmation against our vendor records. Real entries will replace these before publication.

| Sub-processor | Service / purpose | Personal data processed | Region |
| --- | --- | --- | --- |
| Amazon Web Services (AWS) | Cloud infrastructure: database (Aurora), document & PDF storage (S3), PDF generation (Lambda) and transactional email (SES) | Account data, uploaded documents, recipient names & email addresses, email content | UK / EU |
| Railway | Application hosting and compute | All application data processed by the service | UK / EU |
| SignatureAPI | Electronic-signature processing, signature capture and tamper-evident audit trail | Signer name, email address, IP address, signature and the signed document | EU / US (SCCs / UK IDTA) |
| Salesforce | The customer’s own CRM platform that SalesSign integrates with (the customer is controller of its Salesforce org) | CRM records the customer chooses to use with SalesSign | Customer-determined |
| Stripe | Subscription billing and payment processing | Billing contact details and payment information | US (SCCs / UK IDTA) |
| Sentry | Application error monitoring and diagnostics | Technical and diagnostic data; limited personal data incidentally contained in error reports | US (SCCs / UK IDTA) |
| OpenAI | Powers our in-app support chatbot (answers from our own help content and deflects to a support case) | Support chat messages you submit | US (SCCs / UK IDTA) |
| Google Analytics (Google) | Website analytics (loads only after consent) | Website usage data and cookie identifiers | US (SCCs / UK IDTA) |
| Instatus | Public status page and uptime / API monitoring | Service status data (no customer personal data) | EU / US |

The personal data we process on your behalf, and the purposes for which we process it, are described in our Data Processing Agreement. Where a sub-processor is located outside the UK or EEA, transfers are made under an appropriate safeguard (for example, the EU Standard Contractual Clauses, the UK Addendum or the UK IDTA).

Changes to this register and advance notice

This is a living document. We will keep it current and will update the “Last updated” date above whenever the register changes.

Before we engage a new sub-processor, or replace an existing one, that will process customer personal data, we will give affected customers at least 14 days’ advance notice. If you have a reasonable, data-protection-based objection to a proposed change, you may raise it with us using the contact details below, and we will work with you in good faith as set out in the DPA.

Subscribe to changes

We notify customers when this register is updated by email to your nominated account contact and by updating this page.

How we manage our supply chain

Vendors are vetted, contracted and reviewed.

Assessed before onboarding

We review a prospective sub-processor’s security and data-protection posture before it handles any customer data.

Bound by written terms

Each sub-processor is engaged under a data-processing contract with obligations no less protective than those in our own DPA.

Transfers safeguarded

Where data leaves the UK or EEA, we rely on an appropriate transfer mechanism, such as the Standard Contractual Clauses or the UK Addendum, where applicable.

SalesSign is currently undergoing Salesforce’s AppExchange Security Review.

Questions about this policy? If you have questions about our sub-processors, want to register an objection to a proposed change, or need our Data Processing Agreement, please contact us and we’ll point you to the right person.