Sub-Processors
Looking for the V1 version of this document? View V1 sub processors
This page lists the third-party sub-processors that Vistaly, Inc. uses to provide, secure, and improve our services. Each sub-processor has been vetted for compliance with applicable data protection regulations.
If you have questions about our sub-processors, please contact us at dpo@vistaly.com.
| Sub-Processor | Description | Data Processing Region | DPF | Location | Links |
|---|---|---|---|---|---|
| Amazon Web Services, Inc. | We use AWS to host our entire application infrastructure, including servers, databases, and backups. AWS enables us to provide secure, scalable, and reliable services. This includes data storage, processing, and disaster recovery solutions to ensure high availability and durability for our application. | Your selected region (US or EU) | Yes | 410 Terry Ave N, Seattle, WA, 98109-5210 United States | |
| Anthropic PBC | We use Anthropic's Claude API to power AI-driven features within the Vistaly platform, including text analysis, summarization, and insight generation. | United States | No | 548 Market St, PMB 90375, San Francisco, CA 94104 United States | |
| AssemblyAI, Inc. | We use AssemblyAI for speech-to-text transcription in our beta Vistaly product. AssemblyAI is not used by app.vistaly.com. | Your selected region (US or EU) | Yes | 2261 Market Street #4577, San Francisco, CA 94114 United States | |
| Atlassian | We offer a Jira app that allows customers to integrate our application directly with their Jira environment. This integration enables users to interface with our app from within Jira or view key aspects of our application in the Jira dashboard, providing a seamless workflow between the two platforms. | United States | Yes | 1098 Harrison Street, San Francisco, California 94103 United States | |
| Attio Limited | We utilize Attio as an internal CRM. No customer data is processed by Attio. | United Kingdom (internal use only) | No | Exmouth House Unit 120, 3-11 Pine Street, London EC1R 0JH United Kingdom | |
| Google LLC | We use Google to facilitate secure login through Google's OAuth service. This allows users to log in to our platform using their Google accounts, ensuring a seamless and secure authentication process. | United States | Yes | 1600 Amphitheatre Parkway, Mountain View, CA, 94043-1351 United States | |
| iubenda | We use Iubenda to manage and track user consent for cookies and data processing on our platform. This ensures that we comply with relevant data protection regulations, such as GDPR and CCPA, by securely recording and storing user consent preferences. | Italy | No | Via San Raffaele, 1 – 20121 Milan Italy | |
| Loops | We use Loops for managing and sending marketing and promotional email communications to our users. | United States | Yes | 9450 SW Gemini Dr, PMB 22902, Beaverton, Oregon 97008-7105 United States | |
| Product Talk LLC | Product Talk provides licensed services integrated into the Vistaly platform, including the Interview Snapshot Generator and OST Update features. Product Talk has platform access to customer data for product research, service improvement, and quality assurance of the licensed services. All data remains within Vistaly's infrastructure — Product Talk does not store or export customer data. | Your selected region (US or EU) | No | Bend, OR 97703, United States | |
| Posthog Inc | We use PostHog for product analytics to track and analyze user interactions within our application. This helps us understand how users engage with our platform, enabling us to improve user experience, optimize features, and make data-driven decisions for product development. | United States | Yes | 2261 Market Street #4008, San Francisco, CA 94114 United States | |
| Slack Technologies Inc. | We offer a Slack bot that customers can install to interact with our application directly from their Slack workspace. This integration allows users to receive notifications, perform certain actions, and communicate with our app seamlessly within Slack. | United States | Yes | 500 Howard Street, San Francisco, CA 94105 United States | |
| Stripe, Inc. | We use Stripe to manage payment processing for our subscriptions. Stripe handles secure transactions, billing, and invoicing for our customers, ensuring that payments are processed reliably and securely. This includes support for credit card payments and managing subscriptions across different plans. | United States | Yes | 354 Oyster Point Blvd South San Francisco, CA, 94080-1912 United States | |
| Zapier, Inc. | We use Zapier for workflow automation. | United States | Yes | 548 Market St. San Francisco, CA 94104 United States |
About Data Privacy Framework (DPF)
The EU-U.S. Data Privacy Framework (DPF) provides a mechanism for the lawful transfer of personal data from the EU, UK, and Switzerland to the United States. You can verify certifications on the Data Privacy Framework website.
For more information about how we protect your data and our compliance practices, please refer to our Privacy Policy, GDPR Compliance Statement, and Security Policy.
Data Residency and Sub-Processors
Vistaly offers a choice of data residency region — United States or European Union — which customers select during account creation. This choice is permanent and determines where your primary application data (databases, file storage, and backups) is hosted. The infrastructure is fully separated between regions.
However, some sub-processors listed above process data exclusively in the United States regardless of your chosen data residency region. The “Data Processing Region” column in the table above indicates where each sub-processor processes your data.
In particular, AI-powered features within Vistaly are processed by Anthropic in the United States. Anthropic is not currently certified under the EU-U.S. Data Privacy Framework. For all transfers of personal data to sub-processors located outside the customer’s chosen region, Vistaly relies on appropriate safeguards including the EU-U.S. Data Privacy Framework (where the sub-processor is certified), Standard Contractual Clauses (SCCs), and Data Processing Agreements (DPAs) to ensure an adequate level of data protection.
Additionally, certain platform services operate outside of the customer’s chosen data residency region:
- Authentication services (AWS Cognito) are hosted in the United States for all customers, regardless of chosen data residency. This service processes login credentials, authentication tokens, and email addresses.
- Account directory — a minimal set of account identifiers (account IDs and URL slugs) is replicated globally to ensure service availability and prevent conflicts across regions. This directory does not contain customer content or personal data beyond account identifiers.