This document provides transparency on third parties ("Processors" and "Sub-Processors") involved in processing data in connection with ClickTerm services.
Important: Not every vendor listed here processes every customer's data. Applicability depends on your configuration and enabled features.
Includes only data relating to a customer's end users interacting with ClickTerm clickwrap flows, such as:
Clickwrap Event metadata (e.g., accepted/declined/pending, timestamp)
Technical metadata (e.g., IP address, browser/device information, user agent)
Placeholders (only if you configure ClickTerm to collect them)
Clickwrap Version identifier and audit trail entries
Optional delivery of acceptance documents/certificates (if enabled)
Goal: End-user data is processed using the smallest practical set of providers (primarily hosting and security), with optional providers only when a feature is enabled.
Includes customer company details, billing/invoicing, customer admin users, support/sales communications, internal operations, reporting, accounting, and corporate tooling.
For Scope A, ClickTerm is designed to keep end-user data within a small set of providers:
Core infrastructure hosting
Edge security / traffic protection
Optional services only when you enable specific features (e.g., end-user email delivery)
Note on "Country" in the tables below: This indicates the vendor's primary location and/or the default region relevant to our configuration. Depending on the vendor and configuration (e.g., support access, sub-processing, or regional settings), processing may occur in additional locations.
Name | Purpose | Country | Notes |
|---|---|---|---|
Amazon Web Services | Hosting / storage of clickwrap versions, events, audit trails and related service data | Germany | Core infrastructure |
Cloudflare | Security (CDN/WAF/DDoS), may process IP/traffic metadata | USA | Edge security |
These providers are used for monitoring/observability. ClickTerm aims to avoid storing unnecessary personal data in monitoring tools; however, depending on configuration, technical identifiers may appear.
Name | Purpose | Country | Notes |
|---|---|---|---|
Sentry | Error tracking | USA | Technical telemetry; configured to minimize personal data |
Datadog | Monitoring/telemetry | Germany | Technical telemetry; configured to minimize personal data; EU region |
Elasticsearch (logging/analytics platform) | Logs/analytics | Norway | Used for operational logging/analytics as applicable |
IPinfo | Geo-location inference from IP address | USA | Used to derive approximate location from IP metadata |
Google reCAPTCHA Enterprise | Bot and fraud protection | USA | Used to protect service endpoints from abuse |
Name | Purpose | Country | When used |
|---|---|---|---|
Mailgun | Email delivery | Germany / Ireland | Only if you enable end-user email delivery (e.g., acceptance copy / document delivery). Also used for customer account authentication (see Scope B). EU region. |
SendGrid | Email delivery | USA | Only if you enable end-user email delivery (e.g., acceptance copy / document delivery). Also used for customer account authentication (see Scope B). |
In standard configurations, no additional processors are required for Scope A beyond the Sub-Processors listed above. If you enable features that route Scope A (end-user) data to additional vendors, those vendors will be added to Section Aand will require re-acceptance (see Section 7).
These vendors support ClickTerm corporate operations and customer account administration. They are not required for processing ClickTerm end-user clickwrap flows (Scope A), unless explicitly stated.
Name | Purpose | Country |
|---|---|---|
1Password | Credential management | Canada |
Anthropic | AI services (internal productivity) | USA |
Atlassian | Project management | Australia |
Calendly | Scheduling services | USA |
Freshworks | Customer Relationship Management | USA |
GitHub | Source code management / development | USA |
Reporting services | Ireland | |
Koethe | Accounting services | Germany |
Mailgun | Customer account email (OTP, registration) | Germany / Ireland |
Microsoft Teams | Communication services | Germany |
n8n | Workflow automation / integration | Germany |
OpenAI (OpenAI Ireland Limited) | AI services (internal productivity) | Ireland |
PayPal | Payment / card processing | USA |
Salesforce | CRM | Germany |
SendGrid | Customer account email (OTP, registration) | USA |
Slack | Communication services | Ireland |
StatusPage | Communication services | USA |
Tailscale | VPN | Canada |
TelQ Telecom DOO | Development services | Serbia |
Zapier | Automation tool | USA |
Zoho | Accounting services | Germany |
Zoom | Communication services | USA |
Note: Core infrastructure vendors that support both Scope A and Scope B (e.g., hosting/security) are listed in Section Ato avoid duplication and to keep the end-user list authoritative.
Where customers have granted general authorisation for Sub-Processors, ClickTerm will inform customers of intended additions or replacements of Sub-Processors for Scope A by publishing an updated version of this document in the ClickTerm Admin Console and requiring explicit re-acceptance.
Notice method (written): a new published version of this clickwrap document, presented for acceptance in the Admin Console.
Notice period: changes will take effect no earlier than 30 days after publication of the updated version, unless a shorter timeline is required for urgent security, fraud prevention, or legal compliance.
Opportunity to object: customers may object by declining the updated version within the notice period.
If you decline: ClickTerm may (a) propose a commercially reasonable alternative, (b) disable the affected optional feature, or (c) terminate the affected services in accordance with the Terms/DPA.
This mechanism is intended to satisfy the GDPR/UK GDPR requirement to inform controllers of intended sub-processor changes and provide an opportunity to object.
For legal/privacy questions regarding this list, contact: [email protected]