The following table provides information on Highwire's subprocessors:
| Subproccesor | Purpose of Subprocessing | Data Categories | Safeguards |
| Amazon Web Services | Cloud infrastructure and hosting services | Personal identifiers, usage data, and authentication tokens | Standard Contractual Clauses (SCCs), ISO 27001, SOC 2 |
| Atlassian | Issue tracking, bug management, and internal project data | Internal user information, ticket data, attachments | Standard Contractual Clauses (SCCs), ISO 27001, SOC 2 |
| HubSpot | CRM and marketing automation | Customer contact info, activity logs, and forms data | SCCs, ISO 27001, Data Privacy Framework |
| Middesk | Business identity verification / KYB, compliance screening, and risk assessment | Business information (for example, legal entity name, EIN/TIN, registration details, address), personal identifiers for associated individuals, verification and screening results | SOC 2 Type II, NIST CSF-aligned security program |
| Pendo | Product analytics, user behavior tracking, in-app guidance, and user feedback/surveys | Usage and interaction data, device/browser metadata, visitor or account IDs, and optional metadata such as email or account name as/if configured | Data Privacy Framework (where applicable), SCCs, ISO 27001, SOC 2 |
| Slack | Internal team communication and collaboration | Message content and uploaded files | Standard Contractual Clauses (SCCs), ISO 27001, SOC 2 |
| Stripe | Payment processing (credit cards, billing) | Names, billing info, credit card numbers (tokenized), and email | PCI DSS Level 1, SCCs |
| Twilio SendGrid | Transactional and marketing email delivery | Email addresses, message content, and metadata | Standard Contractual Clauses (SCCs), ISO 27001, SOC 2 |
| Zendesk | Customer support platform | User names, contact info, support tickets, and chat data | Standard Contractual Clauses (SCCs), ISO 27001, SOC 2 |
All subprocessors listed above are engaged solely to deliver core business functions.
Transfers outside the EU are subject to the European Commission's Standard Contractual Clauses (SCCs) or equivalent safeguards as detailed in the Highwire Data Processing Addendum.
Data minimization, encryption in transit/rest, and access controls are enforced according to best practices and Highwire's certifications under ISO/IEC 27001:2022, and AICPA SOC2, Type I.