Effective: May 1, 2026
Subprocessors
These are the third-party services dusto uses to operate. We add a provider only when we need it. Material changes are posted here and (where they affect you) emailed to account holders.
§01CURRENT PROVIDERS
Who processes what.
| Provider | Purpose | Data they receive | Region |
|---|---|---|---|
| AWS (Lambda, S3, SES, Cognito, SQS, EventBridge, KMS, CloudWatch, API Gateway, CloudFront, Route 53) | Compute, storage, email send/receive, auth, queueing, CDN, DNS, encryption | All operational data | us-east-1 (CloudFront global) |
| Neon | Managed Postgres | Account records, parsed email content, agent traces, billing ledger | us-east-1 |
| xAI (Grok) | LLM that powers the agent | Email content (inbound), agent prompts | US (provider default) |
| Stripe | Payments, subscription, invoicing | Email, name (if provided), card data (Stripe-only — we never see card data), payment metadata | Global |
| Sentry | Error monitoring | Stack traces, environment metadata, account UUID; PII flag is OFF | US (provider default) |
| OAuth identity provider (only if you sign in with Google) | Email, name, profile picture (per OAuth scopes) | Global |
Some of these are processors acting on our instructions (AWS, Neon, Sentry); some are independent controllers for the data they receive (Stripe for payments, Google for sign-in, xAI for LLM inference under their API terms). We're working toward formal Data Processing Addenda with each. A DPA with us is available on request for business customers — email admin@spicadust.com.