Subprocessors.
Every third-party service that touches Customer Data, what it receives, and the region where it processes that data. We will list new providers as they are onboarded and we notify customers thirty days before a new processor gains access.
| Provider | Purpose | Data accessed | Region | Sub-DPA |
|---|---|---|---|---|
| Kinde | Authentication, organizations, role assignment | User email, name, last-login timestamp, role membership | United States | Link |
These categories will be filled in with named providers as the underlying features ship. They appear here so that pilot customers know in advance which seats are reserved at the table.
| Provider | Purpose | Data accessed | Region | Sub-DPA |
|---|---|---|---|---|
| Managed Postgres host (TBD) | Primary database and object storage when Interline hosts the deployment | All Customer Data at rest | Customer-selected (US, EU) | Listed when the provider is selected |
| AI inference provider (TBD) | Drafting and classification on operator-initiated requests | Redacted text payloads with PII stripped before egress | United States | Listed when the provider is selected |
| Transactional email provider (TBD) | Sending review documents and tenant notifications | Recipient address, subject, template variables | United States | Listed when the provider is selected |
How we evaluate new subprocessors
Every candidate provider passes through a four-step review before it is allowed near Customer Data. First we conduct a security review covering their published controls, posture, certifications, and incident history. Second we put a written data-processing agreement in place with terms at least as protective as the contract Interline holds with its tenants. Third we scope the integration to the minimum data required for the feature - if the provider does not strictly need a field, the integration does not send it. Fourth we publish the addition here and email tenant owners thirty days before the processor gains access, so that any tenant who objects can raise it before the change takes effect.
Removing a subprocessor follows the same path in reverse: the integration is removed, the provider is asked to delete or return the data, and the entry is moved to a historical record kept for the duration of any applicable retention obligation.
Subscribe to changes
Tenant owners are notified by email at the address on file. To add a compliance distribution list, email [email protected] from a verified domain owner address and we will add the list to the notification record for your tenant.