Sub-Processors
Last updated: 9 February 2026
This page lists all third-party sub-processors that Theona, Inc. uses to provide the Services. We require all sub-processors to comply with applicable data protection laws, including GDPR and CCPA, through Data Processing Agreements (DPAs) and Standard Contractual Clauses (SCCs).
Infrastructure & Hosting
| Sub-Processor | Purpose | Data Processed | Location | DPA |
|---|---|---|---|---|
| Supabase | Database hosting, authentication, backend infrastructure | All user data, authentication credentials, application data | United States | Available |
| Railway | Application hosting and Redis infrastructure | Application runtime data, job queues, caching | United States | Available |
AI & Large Language Model Providers
| Sub-Processor | Purpose | Data Processed | Location | DPA |
|---|---|---|---|---|
| OpenAI | AI chat, content generation, task automation | User prompts, chat messages, context data (zero-retention API) | United States | Available |
| Anthropic | Claude LLM for advanced reasoning and conversational AI | User prompts, chat messages, context data (not used for training) | United States | Available |
| Google AI (Gemini) | Conversation summarization and compression | Chat history for summarization (not retained by Google) | United States | Available |
| Perplexity | AI-powered web search for real-time information retrieval | Search queries and context (not used for training) | United States | Available |
| Mem0 | Long-term memory storage for user preferences and context | User ID, preference summaries (no raw conversation content) | United States | Available |
Payment Processing
| Sub-Processor | Purpose | Data Processed | Location | DPA |
|---|---|---|---|---|
| Stripe | Payment processing, subscription management, billing | Email, user ID, payment methods, transaction history | United States | Available |
Analytics & Monitoring
| Sub-Processor | Purpose | Data Processed | Location | DPA |
|---|---|---|---|---|
| Google Analytics (GA4) | Website traffic analysis (marketing website only) | Anonymized page views, visitor behavior, traffic sources (no PII) | United States | Available |
| PostHog | Product analytics (application only) | User ID, email, usage events, session data (partially masked) | United States | Available |
| Sentry | Error monitoring and performance tracking | Sanitized error logs (no PII, no request bodies) | United States | Available |
Integration Framework
| Sub-Processor | Purpose | Data Processed | Location | DPA |
|---|---|---|---|---|
| Composio | Third-party integration management, OAuth connections | User ID, tool execution arguments (no raw user content) | United States | Available |
| Nango | OAuth management for additional third-party integrations | User ID, OAuth tokens, integration metadata | United States | Available |
Data Extraction
| Sub-Processor | Purpose | Data Processed | Location | DPA |
|---|---|---|---|---|
| Firecrawl | Web scraping and content extraction | URLs and extracted web page content (as requested by user) | United States | Available |
| Apify | LinkedIn data extraction and web automation | Public profile data, search results (as requested by user) | European Union (Czech Republic) | Available |
| Sub-Processor | Purpose | Data Processed | Location | DPA |
|---|---|---|---|---|
| Resend | Transactional email delivery | Email address, email content (notifications, account alerts) | United States | Available |
Meeting Recording
| Sub-Processor | Purpose | Data Processed | Location | DPA |
|---|---|---|---|---|
| Recall AI | Meeting recording and transcription | Meeting audio, transcripts, participant metadata (as authorized by user) | United States | Available |
User-Authorized Integrations
When you connect third-party services to your Theona account, data flows between Theona and those services subject to their respective privacy policies. Theona supports 60+ integrations across the following categories:
- Communication: Slack, Microsoft Teams, Discord, Telegram, WhatsApp Business
- Project Management: Linear, Asana, Jira, Notion, Trello, Monday, Todoist
- CRM: HubSpot, Salesforce, Pipedrive, Apollo, Attio
- Google Workspace: Gmail, Calendar, Drive, Docs, Sheets
- Microsoft 365: Outlook, OneDrive, Teams
- Development: GitHub, Bitbucket
- Design: Figma, Webflow
- HR: BambooHR, Lever, Recruitee, Talantix
- Support: HelpScout, Zendesk, Intercom
- Social & Content: LinkedIn, YouTube, Reddit
- Storage: Dropbox, Google Drive, OneDrive
- Other: Shopify, Looker, Confluence, YouTrack
For a complete and up-to-date list of supported integrations, visit theona.ai/integration. Each integration accesses only the data you explicitly authorize.
Data Protection Measures
All sub-processors are required to:
- Implement appropriate technical and organizational security measures
- Process data only as instructed by Theona
- Maintain confidentiality of personal data
- Comply with GDPR, CCPA, and other applicable data protection laws
- Execute Data Processing Agreements (DPAs) with Standard Contractual Clauses (SCCs) where required
- Notify Theona of any data breaches without undue delay
International Data Transfers
When sub-processors are located outside the European Economic Area (EEA) or United Kingdom, we implement appropriate safeguards including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions for countries deemed to have adequate data protection
- Additional safeguards such as encryption in transit and at rest
Updates to This List
We maintain this page to reflect our current sub-processors. Where practicable, we will notify users of material changes at least 30 days in advance via email. Emergency changes required for security, legal compliance, or service continuity may be implemented with shorter notice. You can also subscribe to updates via our changelog.
Contact Us
If you have questions about our sub-processors or data processing practices, contact us:
Theona, Inc.
Email: [email protected]
For more information, see our Privacy Policy and Terms of Service.