Skip to content
Order Management
Close the order-to-approval gap.
Procurement
Source-to-pay without spreadsheets.
Inventory Control
Live stock across every warehouse.
OPEX Intelligence
Real-time budget vs actual.
Integrations
40+ native connectors, 2-hour setup.
AI Modules2026
Predictive reorder, risk, anomaly.
Manufacturing
BOM-aware procurement, multi-plant stock.
Retail & CPG
Shelf-to-supplier visibility at SKU depth.
Healthcare
HIPAA-aligned, lot-tracked, audit-ready.
Logistics
Fleet-aware procurement tied to route P&L.
Energy & Utilities
CapEx + OPEX unified for regulator review.
CustomersPricingResources
Sign in
Book a Demo
LEGAL · SUB-PROCESSORS

Sub-processors

The current list of authorized sub-processors that may process customer personal data on ORDENTRA's behalf.
Last updatedApril 11, 2026
EffectiveApril 1, 2026
Release2026-04
Sample policy — not legal advice

This is a sample policy for ORDENTRA's marketing site and does not constitute legal advice. Real enterprise agreements are provided separately by our legal team.

What is a sub-processor

The vendors we trust to help run the platform

A sub-processor is a third-party vendor that processes customer personal data on ORDENTRA's behalf in the course of delivering the Service. Under the GDPR, the UK GDPR, and our Data Processing Addendum, we are required to maintain an up-to-date list of sub-processors, to bind each one by written terms at least as protective as our DPA, and to give customers the opportunity to object to changes.

This page is the canonical record of every sub-processor currently authorized to handle customer personal data for any part of the ORDENTRA platform. It is updated whenever a sub-processor is added, removed, or replaced. Customers are notified of changes at least thirty (30) days in advance via email and the in-product changelog. A customer may object to a new sub-processor on reasonable data protection grounds during the notice period, as set out in Section 9 of the DPA.

If you would like to receive email notifications when this list changes, use the subscribe card below or email subprocessors@ordentra.com with the subject line “SUBSCRIBE” from any address at your organization.

Subscribe to sub-processor updates

Get an email whenever a sub-processor is added, removed, or replaced, with at least 30 days' notice before the change takes effect.

Subscribe via email
Current sub-processors

Authorized as of April 11, 2026

Organised by functional category. Each sub-processor has a signed data processing agreement and, where applicable, transfer safeguards under the 2021/914 EU SCCs.

16 active

Infrastructure & Hosting

3 sub-processors

Compute, storage, and network providers operating the underlying platform.

  • Amazon Web Services, Inc.
    Purpose
    Hosting, compute, storage, and managed databases
    Location
    US, EU (Frankfurt, Dublin), APAC (Singapore, Sydney)
    Safeguards
    SOC 2 Type II, ISO 27001, ISO 27017, ISO 27018, GDPR SCCs
  • Google Cloud Platform
    Purpose
    Secondary hosting, data warehouse, and analytics compute
    Location
    US, EU (Belgium, Netherlands)
    Safeguards
    SOC 2 Type II, ISO 27001, ISO 27017, GDPR SCCs
  • Cloudflare, Inc.
    Purpose
    Content delivery network, WAF, and DDoS protection
    Location
    Global edge (default EU routing for EU tenants)
    Safeguards
    SOC 2 Type II, ISO 27001, PCI DSS L1, GDPR SCCs

Data & Analytics

3 sub-processors

Observability, error tracking, and data platforms for internal operations.

  • Snowflake Inc.
    Purpose
    Customer analytics data warehouse (aggregated usage only)
    Location
    US, EU (Frankfurt)
    Safeguards
    SOC 2 Type II, ISO 27001, HIPAA, GDPR SCCs
  • Datadog, Inc.
    Purpose
    Observability, application performance monitoring, logs
    Location
    US, EU (Paris)
    Safeguards
    SOC 2 Type II, ISO 27001, GDPR SCCs
  • Functional Software, Inc. (Sentry)
    Purpose
    Application error tracking and release health
    Location
    US, EU (Frankfurt)
    Safeguards
    SOC 2 Type II, GDPR SCCs

Customer Communications

3 sub-processors

Transactional messaging, support, and customer engagement channels.

  • Twilio SendGrid
    Purpose
    Transactional email (notifications, receipts, alerts)
    Location
    US, EU
    Safeguards
    SOC 2 Type II, GDPR SCCs
  • Twilio, Inc.
    Purpose
    SMS notifications and voice for incident alerting
    Location
    US, EU
    Safeguards
    SOC 2 Type II, ISO 27001, GDPR SCCs
  • Intercom, Inc.
    Purpose
    In-product messaging and customer support chat
    Location
    US, EU (Dublin)
    Safeguards
    SOC 2 Type II, ISO 27001, GDPR SCCs

Identity & Security

3 sub-processors

Identity, secrets, and security scanning services.

  • Okta, Inc. (Auth0)
    Purpose
    Customer identity provider and SSO orchestration
    Location
    US, EU (Dublin)
    Safeguards
    SOC 2 Type II, ISO 27001, ISO 27018, GDPR SCCs
  • HashiCorp, Inc. (Vault Cloud)
    Purpose
    Secrets management and dynamic credentials
    Location
    US, EU (Frankfurt)
    Safeguards
    SOC 2 Type II, GDPR SCCs
  • Snyk Limited
    Purpose
    Dependency and container security scanning
    Location
    US, EU (Dublin)
    Safeguards
    SOC 2 Type II, ISO 27001, GDPR SCCs

Business Operations

4 sub-processors

Billing, contracting, CRM, and customer support systems used by our commercial teams.

  • Stripe Payments Europe, Ltd.
    Purpose
    Billing, subscriptions, and payment processing
    Location
    US, EU (Dublin)
    Safeguards
    SOC 1, SOC 2 Type II, PCI DSS Level 1, GDPR SCCs
  • DocuSign, Inc.
    Purpose
    Contract execution and electronic signature
    Location
    US, EU (Frankfurt)
    Safeguards
    SOC 2 Type II, ISO 27001, eIDAS QES, GDPR SCCs
  • HubSpot, Inc.
    Purpose
    CRM, marketing automation, and commercial pipeline
    Location
    US, EU (Frankfurt)
    Safeguards
    SOC 2 Type II, GDPR SCCs
  • Zendesk, Inc.
    Purpose
    Customer support ticketing and knowledge base
    Location
    US, EU (Dublin)
    Safeguards
    SOC 2 Type II, ISO 27001, GDPR SCCs
Change history

Recent additions, removals, and replacements

This log records material changes to the sub-processor list in the past six months. Customers on the notification list also receive an email the moment each change is proposed, at least thirty (30) days before the change takes effect.

  1. Added2026-04-02
    HashiCorp Vault Cloud (EU region)

    Added the EU (Frankfurt) Vault Cloud region to meet data residency requirements for EU customers on the Sovereign tier.

  2. Replaced2026-03-17
    Mailgun → Twilio SendGrid

    Consolidated transactional email on SendGrid following a procurement review; SendGrid offers broader EU hosting coverage and a more mature audit trail.

  3. Added2026-02-24
    Snyk Limited

    Added Snyk for dependency and container security scanning as part of the Q1 supply-chain security program.

  4. Removed2026-01-12
    Mixpanel, Inc.

    Decommissioned Mixpanel after migrating internal product analytics to a first-party pipeline hosted on existing sub-processors (Snowflake, Datadog).

  5. Added2025-12-03
    Google Cloud Platform (EU)

    Expanded hosting to GCP in Belgium and the Netherlands for the Sovereign tier and regional redundancy.

  6. Replaced2025-11-15
    New Relic → Datadog

    Migrated observability to Datadog to consolidate APM, logs, and metrics under a single audit boundary and simplify sub-processor governance.

Regional notes

Not every sub-processor applies to every customer

Customers on the Sovereign tier operate in a single-tenant deployment pinned to a specific region, and only a subset of the sub-processors above is active for that deployment. The applicable subset is set out in a tenancy schedule attached to the Order Form and is available on request from your account engineer.

Customers with regulatory obligations that restrict specific sub-processors (for example, public-sector customers in the European Union or healthcare customers subject to additional localization requirements) may contractually require a tighter sub-processor footprint. We support this through an annexed sub-processor schedule negotiated as part of the Master Subscription Agreement.

Sub-processors used only for internal operations, such as our CRM, ticketing, or contract execution systems, do not process the contents of your ORDENTRA workspace. They hold only commercial contact information and support records relating to named individuals at your organization.

Customers who object to a specific sub-processor for technical or security reasons should contact dpo@ordentra.com to discuss a workable alternative in advance of the end of the notification period.

Questions about this list? Emailsubprocessors@ordentra.com
Related policies

Browse the rest of the legal library

Privacy Policy

How we handle personal data across the platform.

Terms of Service

Commercial terms governing the subscription.

Data Processing Addendum

GDPR-aligned DPA and transfer safeguards.

Accessibility Statement

WCAG 2.2 AA commitment and audit history.