Subprocessors & Service Providers
This page lists the third-party service providers (subprocessors) that Apext Inc. uses to provide and support our Services. We maintain strict data processing agreements with all subprocessors to ensure your data is protected.
Last updated: November 1, 2025 | Version 1.2
Active Subprocessors
The following subprocessors process customer data on behalf of Apext. This list is maintained and versioned, and new processors are updated periodically.
| Subprocessor | Service Provided | Data Shared | Location |
|---|---|---|---|
Google Cloud Platform (GCP) | Cloud infrastructure, database hosting, data storage | Customer Data (employee records, performance data, documents) | United States, EU |
OpenAI | AI-powered features (feedback suggestions, performance insights) | Limited performance text data (anonymized where possible) | United States |
OneSignal | Push notifications, email delivery, in-app messaging | Email addresses, user IDs, notification preferences | United States |
Stripe | Payment processing, billing, invoicing | Billing contact information, payment method details | United States, EU |
Harness | Feature flags, deployment management (internal use) | No customer data shared | United States |
Vercel | Website hosting, CDN (marketing site only) | No customer data shared | Global CDN |
Data Processing Agreements
All subprocessors listed above have executed data processing agreements (DPAs) with Apext that include:
- •Obligations to process data only as instructed by Apext
- •Confidentiality commitments for all personnel with access to data
- •Appropriate technical and organizational security measures (encryption, access controls, monitoring)
- •Assistance with data subject rights requests and breach notifications
- •Data deletion or return upon termination of services
- •Compliance with GDPR, CCPA, and other applicable data protection laws where relevant
International Data Transfers
For subprocessors located outside the European Economic Area (EEA), UK, or Switzerland, we use Standard Contractual Clauses (SCCs) approved by the European Commission, UK International Data Transfer Agreement (IDTA), or other approved transfer mechanisms to ensure adequate protection of personal data.
Notification of Changes
This subprocessor list is maintained and versioned. We update this page periodically when adding new subprocessors or making material changes to existing subprocessor arrangements. Please check this page regularly for updates.
Questions?
If you have questions about our subprocessors or data processing practices, please contact us at privacy@apext.co.