Sub-Processors
Mnemom engages the following third-party service providers ("sub-processors") to deliver our services. Each sub-processor is contractually obligated to handle customer data in a manner consistent with our Privacy Policy and the terms of our Data Processing Agreement.
This list was last updated on 2026-06-12 and may change from time to time. See "Updates" below for how we notify customers of changes.
Infrastructure
| Sub-processor | Purpose | Data categories | Region | Privacy policy |
|---|---|---|---|---|
| Netlify, Inc. | Marketing site hosting and edge functions | IP address, request metadata, static-asset logs | United States | netlify.com/privacy |
| Cloudflare, Inc. | API hosting (Cloudflare Workers), DDoS protection, CDN | IP address, API request/response metadata, bot-mitigation signals | United States (global edge) | cloudflare.com/privacypolicy |
| Supabase, Inc. | Authentication, application database, session management | Account email, hashed credentials, user IDs, session tokens, application data | United States | supabase.com/privacy |
Product analytics and communications
| Sub-processor | Purpose | Data categories | Region | Privacy policy |
|---|---|---|---|---|
| PostHog, Inc. | Product analytics, session recording, feature flags | Pageviews, clickstream events, session recordings (with input masking), user IDs, device/browser metadata, UTM parameters | United States | posthog.com/privacy |
| HubSpot, Inc. | CRM, contact forms, marketing automation, lead tracking | Name, work email, company, phone, job title, form submissions, tracking cookie (hubspotutk), UTM parameters, IP address | United States / European Union | legal.hubspot.com/privacy-policy |
| Slack Technologies, LLC | Internal notifications for enterprise contact requests | Name, work email, company, message excerpt associated with enterprise inquiries | United States | slack.com/trust/privacy |
Marketing and attribution
| Sub-processor | Purpose | Data categories | Region | Privacy policy |
|---|---|---|---|---|
| Retention.com, Inc. (RB2B) | Reverse-IP identity resolution for account-based marketing | IP address, inferred company identity, site-visit metadata | United States | retention.com/privacy |
| LinkedIn Corporation | Conversion tracking and audience insights (LinkedIn Insight Tag) | IP address, user agent, conversion event signals | United States (global) | linkedin.com/legal/privacy-policy |
Billing
| Sub-processor | Purpose | Data categories | Region | Privacy policy |
|---|---|---|---|---|
| Stripe, Inc. | Payment processing, subscription billing, invoicing | Name, billing address, payment method tokens, transaction history, tax identifiers | United States (global) | stripe.com/privacy |
Data Processing Agreement
Mnemom makes a Data Processing Agreement (DPA) available to customers on request. Our DPA incorporates the EU Standard Contractual Clauses (SCCs) and addresses processing under the GDPR, the UK GDPR, the Swiss FADP, and applicable U.S. state privacy laws. To request a copy or to have a DPA executed, email [email protected].
Updates
Material changes to this list are announced at least 30 days in advance via our changelog and an email to customers who have subscribed to sub-processor notifications. To subscribe, email [email protected]. Customers may object to a new sub-processor as set out in our Data Processing Agreement.
For questions about any sub-processor listed above, contact [email protected].
