Theona Main Logo

Sub-Processors

Third-party services we use to deliver Theona, with full transparency on data processing

Last updated: 9 February 2026

This page lists all third-party sub-processors that Theona, Inc. uses to provide the Services. We require all sub-processors to comply with applicable data protection laws, including GDPR and CCPA, through Data Processing Agreements (DPAs) and Standard Contractual Clauses (SCCs).

Infrastructure & Hosting

Supabase

View DPA →

Database hosting, authentication, backend infrastructure

Data Processed: All user data, authentication credentials, application data 📍 United States

Railway

View DPA →

Application hosting and Redis infrastructure

Data Processed: Application runtime data, job queues, caching 📍 United States

AI & Large Language Model Providers

OpenAI

View DPA →

AI chat, content generation, task automation

Data Processed: User prompts, chat messages, context data (zero-retention API) 📍 United States

Anthropic

View DPA →

Claude LLM for advanced reasoning and conversational AI

Data Processed: User prompts, chat messages, context data (not used for training) 📍 United States

Google AI (Gemini)

View DPA →

Conversation summarization and compression

Data Processed: Chat history for summarization (not retained by Google) 📍 United States

Perplexity

View DPA →

AI-powered web search for real-time information retrieval

Data Processed: Search queries and context (not used for training) 📍 United States

Mem0

View DPA →

Long-term memory storage for user preferences and context

Data Processed: User ID, preference summaries (no raw conversation content) 📍 United States

Payment Processing

Stripe

View DPA →

Payment processing, subscription management, billing

Data Processed: Email, user ID, payment methods, transaction history 📍 United States

Analytics & Monitoring

Google Analytics (GA4)

View DPA →

Website traffic analysis (marketing website only)

Data Processed: Anonymized page views, visitor behavior, traffic sources (no PII) 📍 United States

PostHog

View DPA →

Product analytics (application only)

Data Processed: User ID, email, usage events, session data (partially masked) 📍 United States

Sentry

View DPA →

Error monitoring and performance tracking

Data Processed: Sanitized error logs (no PII, no request bodies) 📍 United States

Integration Framework

Composio

View DPA →

Third-party integration management, OAuth connections

Data Processed: User ID, tool execution arguments (no raw user content) 📍 United States

Nango

View DPA →

OAuth management for additional third-party integrations

Data Processed: User ID, OAuth tokens, integration metadata 📍 United States

Data Extraction

Firecrawl

View DPA →

Web scraping and content extraction

Data Processed: URLs and extracted web page content (as requested by user) 📍 United States

Apify

View DPA →

LinkedIn data extraction and web automation

Data Processed: Public profile data, search results (as requested by user) 📍 EU (Czech Republic)

Email

Resend

View DPA →

Transactional email delivery

Data Processed: Email address, email content (notifications, account alerts) 📍 United States

Meeting Recording

Recall AI

View DPA →

Meeting recording and transcription

Data Processed: Meeting audio, transcripts, participant metadata (as authorized by user) 📍 United States

User-Authorized Integrations

When you connect third-party services to your Theona account, data flows between Theona and those services subject to their respective privacy policies. Theona supports 60+ integrations across the following categories:

Communication: Slack, Microsoft Teams, Discord, Telegram, WhatsApp Business
Project Management: Linear, Asana, Jira, Notion, Trello, Monday, Todoist
CRM: HubSpot, Salesforce, Pipedrive, Apollo, Attio
Google Workspace: Gmail, Calendar, Drive, Docs, Sheets
Microsoft 365: Outlook, OneDrive, Teams
Development: GitHub, Bitbucket
Design: Figma, Webflow
HR: BambooHR, Lever, Recruitee, Talantix
Support: HelpScout, Zendesk, Intercom
Social & Content: LinkedIn, YouTube, Reddit
Storage: Dropbox, Google Drive, OneDrive
Other: Shopify, Looker, Confluence, YouTrack

For a complete and up-to-date list of supported integrations, visit theona.ai/integration. Each integration accesses only the data you explicitly authorize.

Data Protection Measures

All sub-processors are required to:

  • Implement appropriate technical and organizational security measures
  • Process data only as instructed by Theona
  • Maintain confidentiality of personal data
  • Comply with GDPR, CCPA, and other applicable data protection laws
  • Execute Data Processing Agreements (DPAs) with Standard Contractual Clauses (SCCs) where required
  • Notify Theona of any data breaches without undue delay

International Data Transfers

When sub-processors are located outside the European Economic Area (EEA) or United Kingdom, we implement appropriate safeguards including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for countries deemed to have adequate data protection
  • Additional safeguards such as encryption in transit and at rest

Updates to This List

We maintain this page to reflect our current sub-processors. Where practicable, we will notify users of material changes at least 30 days in advance via email. Emergency changes required for security, legal compliance, or service continuity may be implemented with shorter notice. You can also subscribe to updates via our changelog.

Contact Us

If you have questions about our sub-processors or data processing practices, contact us:

Theona, Inc.

Email: [email protected]

For more information, see our Privacy Policy and Terms of Service.

Ready to reinvent work?

Start today
PricingArticlesIntegrationsTemplatesPartnershipSupport
Privacy PolicyTerms of ServiceCookie PolicySub-ProcessorsSecurityTrust Center
Backed byAgentic BuildersAgentic Builders
Slack