Third-Party Vendors

Services: Hosting and managing cloud infrastructure, and transactional email delivery (Amazon SES)

Personal data: Hosts encrypted user data; sends account, billing, and security email

Data centers: EU, Global (multiple locations)

HQ: Seattle, Washington, USA

Secure hosting infrastructure only. AWS provides encrypted storage but cannot access your actual notes or content. Transactional email (account, billing, security notices) is sent via Amazon SES.

Homepage · Privacy · DPA

Services: Developing and distributing applications through the Apple ecosystem

Personal data: App Store account data and on-device processing

Data centers: Global (multiple locations)

HQ: Cupertino, California, USA

The Whisper transcription model runs locally on your device. Apple handles App Store transactions but doesn't access your Cleft content.

Homepage · Privacy

Services: CDN, DNS, and DDoS protection services

Personal data: Website traffic and DNS queries

Data centers: Global (multiple locations)

HQ: San Francisco, California, USA

Website traffic patterns and DNS queries only. No access to Cleft content or user data.

Homepage · Privacy · DPA

Services: Primary LLM provider for note enhancement

Personal data: Processes transcript text only

HQ: San Francisco, California, USA

Transcript text only (never audio) for AI processing. Your data is never used for model training.

Homepage · Privacy · DPA

Services: Backup LLM provider to ensure service reliability

Personal data: Processes transcript text only

Data centers: Global (multiple locations)

HQ: Mountain View, California, USA

Alternative AI processor for text enhancement. Same privacy protections as OpenAI.

Homepage · Privacy

Services: Handling online transactions securely

Personal data: Payment processing (PCI compliant)

HQ: San Francisco, California, USA

Payment processing only. We never see your actual payment details.

Homepage · Privacy · Legal

Services: Managing in-app subscriptions and purchases

Personal data: Subscription data and analytics

Data centers: Global (multiple locations)

HQ: San Francisco, California, USA

Subscription management and analytics. No access to your notes or content.

Homepage · Privacy · Terms

Services: Business banking and financial services

Personal data: Financial transactions and account data

Data centers: EU

HQ: London, United Kingdom

Internal business banking transactions only. No customer data or personal information.

Homepage · Privacy · Terms

Services: Managing marketing activities and customer interactions

Personal data: Contact info and support interactions

Data centers: EU

HQ: Cambridge, Massachusetts, USA

Contact information and customer support interactions only.

Homepage · DPA

Services: Marketing email campaigns only (newsletters and opt-in updates)

Personal data: Email addresses for marketing (opt-in)

Data centers: Global (multiple locations)

HQ: Vilnius, Lithuania

Marketing only: email addresses for newsletter delivery (opt-in). Not used for transactional or account email, and no access to personal content.

Homepage · Privacy · Terms

Services: Communication, document creation, and collaboration

Personal data: Internal business communications

Data centers: EU

HQ: Mountain View, California, USA

Internal team communications only. No user data processing.

Homepage · Privacy · DPA

Services: Analysing business data and generating reports

Personal data: Aggregated business analytics

Data centers: EU (self-hosted)

HQ: N/A (open-source project)

Aggregated business metrics only. No individual user data.

Homepage · Privacy · Terms

Services: Team password management and secure credential storage

Personal data: Internal team credentials and access management

Data centers: EU

HQ: Toronto, Ontario, Canada

Internal team passwords and credentials only. No customer data or personal information.

Homepage · Privacy · Terms

Services: Monitoring and resolving application errors

Personal data: Error logs (no personal content)

HQ: San Francisco, California, USA

Application error logs only. No personal content included in crash reports.

Homepage · Privacy · Terms

Retired: Being retired in 2026. Our public website now runs on Cloudflare (listed under Cloud infrastructure above); Webflow no longer hosts the site or receives form submissions.

Services: Previously designed and hosted our public-facing website and forms

Personal data: Website form submissions (historical)

Data centers: Global (multiple locations)

HQ: San Francisco, California, USA

Formerly handled website contact forms and landing page interactions. No new data is sent to Webflow.

Homepage · Privacy · Terms

Services: Enhancing user experience through design consulting

Personal data: Design consultation materials

Data centers: Global (multiple locations)

HQ: San Francisco, California, USA

Design assets and user experience materials only.

Homepage · Privacy · Terms

Services: Domain registration and DNS management

Personal data: Domain registration information

Data centers: Global (multiple locations)

HQ: Phoenix, Arizona, USA

Domain registration details and DNS configuration only.

Homepage · Privacy · Terms

Services: OAuth integration management (e.g. the Notion connection)

Personal data: Integration authorization tokens

Data centers: Global (multiple locations)

HQ: San Francisco, California, USA

Manages the OAuth tokens for integrations you connect (such as Notion). Handles authorization only, not your note content. DPA on file.

Homepage · Privacy

Services: Form building and data collection (replaces SavvyCal)

Personal data: Form submissions and contact information

Data centers: Global (multiple locations)

HQ: San Francisco, California, USA

Form submissions and scheduling data only.

Homepage · Privacy · Terms

Services: Automating workflows across different tools

Personal data: Integration data flows

Data centers: Global (multiple locations)

HQ: San Francisco, California, USA

Only data flows you explicitly configure in integrations.

Homepage · Privacy · Terms

Services: Social media marketing and brand engagement

Homepage · Privacy

Services: Social media marketing and brand engagement

Homepage · Privacy

Services: Social media marketing, talent and brand engagement

Homepage · Privacy

Services: Social media marketing and brand engagement

Homepage · Privacy

Services: Social media marketing and brand engagement

Homepage · Privacy

Services: Social media marketing and brand engagement

Homepage

Services: Link management and branded short URLs

Homepage

Services: Managing source code and collaboration

Homepage · Privacy

Services: Facilitating internal communication and collaboration

Homepage · Privacy

Services: Designing user interfaces collaboratively

Homepage · Privacy

Services: Internal development and business operations (coding, drafting, support triage)

Used internally for development and running the business. It does not process your notes or content. Any review of inbound feedback or email is done on text we manually scrub of personal data first, human-directed and never automated.

Homepage · Privacy · Terms

Services: Documentation platform hosting (replaced GitBook)

Public documentation content only.

Homepage · Privacy · Terms

Services: Product video creation

Services: Hosting and distributing podcasts

Homepage · Privacy

Services: Audio and video editing

Homepage · Privacy

Services: Collecting website analytics with a focus on privacy

Anonymous page views and bounded website interaction events only. No personal data collected.

Homepage · Privacy

Services: In-app anonymous analytics and performance monitoring

Data centers: EU (Germany)

HQ: Würzburg, Germany

Anonymous app usage patterns and performance metrics only. Zero personal information.

Homepage · Privacy · Terms