Sub-processors
Last updated: April 30, 2026
Sub-processors that may process Customer Personal Data in the course of delivering the Filament platform. Incorporated by reference into our Data Processing Addendum.
Change Notice and Objections
Before engaging a new Sub-processor with access to Customer Personal Data, Filamentprovides at least 30 days' notice by updating this page. Subscribe by emailing team@filamentanalytics.com with subject “Subscribe: sub-processor updates”. Customers may object on reasonable data protection grounds within the notice period by emailing the same address.
Customer Data Residency
Customer warehouse data is stored at rest in the region selected at warehouse provisioning: United States, European Union (Germany), or Australia (Sydney). Sub-processor locations are listed below.
Critical Sub-processors
| Vendor | Purpose | Data accessed | Location | Certification |
|---|---|---|---|---|
| Neon | Database infrastructure | Customer warehouse data | Customer-selected region | SOC 2 Type II |
| Vercel | Cloud infrastructure | Application traffic; environment secrets | Global edge; primary US | SOC 2 Type II, ISO 27001 |
| Trigger.dev | Job orchestration | Customer data in transit | United States | SOC 2 Type II |
| Fivetran | Data pipelines | Customer data in transit | Aligned to warehouse region | SOC 2 Type II, ISO 27001 |
| Backup storage | Encrypted warehouse backups | Aligned to warehouse region | SOC 2 Type II, ISO 27001 |
AI Model Providers
All AI models Filament uses have zero data retention and are contractually obligated not to use any customer data for model training.
| Vendor | Role | Location | Certification |
|---|---|---|---|
| Anthropic | Model provider | United States | SOC 2 Type II |
| Model provider | United States | SOC 2 Type II, ISO 27001 | |
| Fireworks AI | Inference provider | United States | SOC 2 Type II, HIPAA |
| Together AI | Inference provider | United States | SOC 2 Type II |
Standard Sub-processors
| Vendor | Purpose | Data accessed | Location | Certification |
|---|---|---|---|---|
| GitHub | Source control | Source code | United States | SOC 2 Type II, ISO 27001 |
| Stripe | Payments | Billing details; transaction data (when connected) | United States | PCI DSS Level 1, SOC 2 Type II |
| Resend | Email delivery | Recipient email; message content | United States | SOC 2 Type II |
| PostHog | Product analytics | Anonymous usage telemetry | European Union | SOC 2 Type II |
Operational Sub-processors
| Vendor | Purpose | Data accessed | Location |
|---|---|---|---|
| Dash0 | Observability | Application telemetry | European Union |
| Productivity | Internal business documents | United States |
Contact
Got a question, want to be notified of changes, or have a concern about one of these sub-processors? Drop us a line at team@filamentanalytics.com.