| Amazon Web Services (AWS) | High | Primary cloud — compute, storage (S3), KMS, secrets; majority of customer data. AWS Textract used for optical character recognition of submitted documents. | CTO | Yes — see Sub-processor List |
| Vultr | High | Secondary cloud — Vultr Cloud Compute, Vultr Bare Metal, Vultr Object Storage, Vultr Kubernetes Engine (VKE) where applicable. Hosts a portion of production compute and database workloads alongside AWS. | CTO | Yes — see Sub-processor List |
| Microsoft 365 (Outlook, SharePoint, OneDrive) | High | Workforce email, document store, internal records. | CISO | No |
| Rippling | High | IdP / SSO, MDM, EDR, HRIS — workforce identity and personnel records. | CISO | No |
| GitHub (incl. Advanced Security, Dependabot, Actions) | High | Source code, continuous-integration and continuous-delivery pipelines, build artifacts, and vulnerability findings. | CTO | No |
| Linear | Medium | Issue tracking, intake-form destinations. | CTO | No |
| Better Stack | Medium | Logs, uptime, on-call paging. | CISO | No |
| Vanta | Medium | Compliance automation, control evidence, vendor inventory mirror. | CISO | No |
| Dashlane | Medium | Workforce password manager. | CISO | Yes — see Sub-processor List |
| HashiCorp Vault (self-hosted on Vultr) | High | Cross-cloud secrets-of-record for production — static secrets, dynamic secrets (DB / cloud-IAM credentials), PKI, Transit-engine application-layer encryption keys. Workload auth via Vault AWS / Kubernetes / AppRole / OIDC methods. Runs on Vultr Cloud Compute / VKE; HashiCorp is a software vendor only (Vault OSS / Enterprise license), not a sub-processor. | CTO + CISO | No — self-hosted on Vultr (already listed). HashiCorp’s role is software-licensor only. |
| Checkr | Medium | Pre-employment background screening (CRA). | CHRO | No |
| HubSpot | Medium | CRM, marketing, sales pipeline. | CEO / GTM | No |
| Snyk | Medium | SCA / dependency scanning. | CTO | No |
| Aqua Security Trivy | Low | Container, infrastructure-as-code, secret, misconfiguration, and license scanning. Open-source and self-hosted. | CTO | No |
| Detectify | Medium | External vulnerability scanning. | CISO | No |
| VGC LLP | Medium | Outside General Counsel. | CEO | No |
| Iron Mountain | Medium | Destruction — paper, magnetic media, e-waste. NAID AAA Certified. | CISO | No |
| Shred-it | Low | Destruction — paper, secure-shred bins. NAID AAA Certified. | CISO | No |
| Anthropic (Claude API / Enterprise) | High | Third-party AI model provider — used in customer-facing product features and for internal tooling. Listed on the Sub-processor List. | CTO + CISO + GC | Yes |
| OpenAI (ChatGPT Enterprise / API) | High | Third-party AI model provider — used in customer-facing product features and for internal tooling. Listed on the Sub-processor List. | CTO + CISO + GC | Yes |
| xAI (Grok API / Enterprise) | High | Third-party AI model provider — used in customer-facing product features and for internal tooling. Listed on the Sub-processor List. | CTO + CISO + GC | Yes |
| Cerebras (cerebras.ai inference) | High | Third-party AI inference provider — used in customer-facing product features and for internal tooling. Listed on the Sub-processor List. | CTO + CISO + GC | Yes |
| Portkey AI | High | LLM-gateway service operated between Neuroscale services and upstream AI model providers. Customer prompts and model outputs transit the gateway. | CTO + CISO + GC | Yes — see Sub-processor List |
| WorkOS | High | Authentication, single sign-on, and organization and membership management for the customer-facing services. | CISO | Yes — see Sub-processor List |
| Resend | High | Transactional email delivery for product and operational notifications. Processes recipient email addresses and message content. | CTO + CISO | Yes — see Sub-processor List |
| Discord (webhooks) | Low | Internal operational alerting only. Workforce-only; no Customer Personal Data is transmitted. | CISO | No |
| Temporal Cloud | High | Background workflow orchestration. Workflow payloads may include Customer Personal Data. | CTO + CISO | Yes — see Sub-processor List |
| Vercel | High | Frontend hosting and edge runtime for the customer-facing services. | CTO | Yes — see Sub-processor List |
| Cloudflare | High | Cloudflare One (Gateway, Access, WARP) for workforce networking and Zero Trust access control; Cloudflare Tunnel for ingress to deployed services. | CISO + CTO | Yes — see Sub-processor List |
| People Data Labs | High | Person-profile enrichment used in customer-facing product features. | CTO + GC | Yes — see Sub-processor List |
| RocketReach | High | Contact-discovery lookups used in customer-facing product features. | CTO + GC | Yes — see Sub-processor List |
| Kickbox | Medium | Email-address deliverability validation. | CTO | Yes — see Sub-processor List |
| NumVerify (APILayer) | Medium | Phone-number validation and carrier lookup. | CTO | Yes — see Sub-processor List |
| FireCrawl | Medium | Retrieval of public-web content in support of product import features. No Customer Personal Data is transmitted to FireCrawl. | CTO | No |
| Logo.dev | Low | Company-logo lookup by domain. No Personal Data or Customer Personal Data is transmitted. | CTO | No |
| Bright Data | Low | Residential-proxy network used for collection of public-web content. No Customer Personal Data is transmitted. | CTO | No |
