The following table provides information on Highwire's subprocessors, as approved most recently on 4/20/26.
| Subproccesor | Purpose of Subprocessing | Data Categories | Safeguards |
| Amazon Web Services | Cloud infrastructure and hosting services | Personal identifiers, usage data, and authentication tokens. | Standard Contractual Clauses (SCCs), ISO 27001, SOC 2 |
| Atlassian | Issue tracking, bug management, and internal project data | Internal user information, ticket data, attachments. | Standard Contractual Clauses (SCCs), ISO 27001, SOC 2 |
| HubSpot | CRM and marketing automation | Customer contact info, activity logs, and forms data. | SCCs, ISO 27001, Data Privacy Framework |
| Middesk | Business identity verification / KYB, compliance screening, and risk assessment | Business information (for example, legal entity name, EIN/TIN, registration details, address), personal identifiers for associated individuals, verification and screening results. | SOC 2 Type II, NIST CSF-aligned security program |
| Pendo | Product analytics, user behavior tracking, in-app guidance, and user feedback/surveys | Usage and interaction data, device/browser metadata, visitor or account IDs, and optional metadata including email and account name as configured. | Data Privacy Framework (where applicable), SCCs, ISO 27001, SOC 2 |
| Slack | Internal team communication and collaboration | Message content and uploaded files. | Standard Contractual Clauses (SCCs), ISO 27001, SOC 2 |
| Stripe | Payment processing (credit cards, billing) | Names, billing info, credit card numbers (tokenized), and email. | PCI DSS Level 1, SCCs |
| Twilio SendGrid | Transactional and marketing email delivery | Email addresses, message content, and metadata. | Standard Contractual Clauses (SCCs), ISO 27001, SOC 2 |
| Zendesk | Customer support platform | User names, contact info, support tickets, and chat data. | Standard Contractual Clauses (SCCs), ISO 27001, SOC 2 |
| Auth0 (Okta) | Identity and access management, user authentication, and single sign-on (SSO) services | Personal identifiers (name, email address), authentication credentials and tokens, login activity logs, and device/browser metadata. | Standard Contractual Clauses (SCCs), ISO 27001, SOC 2 Type II, Data Privacy Framework |
| Microsoft Azure (AI Models) | AI model inference services supporting Highwire’s AI-powered application features, including document analysis and safety risk analytics | Document content submitted for AI processing (e.g., safety manuals and related documentation); AI-generated outputs and analysis results. No persistent storage of personal data by the AI model. | Standard Contractual Clauses (SCCs), ISO 27001, SOC 2 Type II, logically isolated infrastructure (dedicated Azure tenant) |
| Microsoft Azure (Fabric) | Data integration, transformation, and analytics platform supporting internal business intelligence and reporting workflows | Aggregated and de-identified usage and operational data; personal identifiers and account data where included in analytics datasets. | Standard Contractual Clauses (SCCs), ISO 27001, SOC 2 Type II, role-based access controls, data encryption at rest and in transit |
| Metabase | Business intelligence and data visualization platform used for internal reporting, dashboards, and operational analytics | Aggregated usage and operational data; personal identifiers and account-level data where included in reporting queries or dashboards. | SOC 2 Type II, data encryption at rest and in transit, role-based access controls, Data Processing Agreement (DPA) |
| Twilio | SMS and voice communication services, including delivery of real-time alerts, notifications, and two-factor authentication messages to users | Mobile phone numbers, message content, delivery status metadata, and IP addresses. | Standard Contractual Clauses (SCCs), ISO 27001, SOC 2 Type II, Data Privacy Framework |
All subprocessors listed above are engaged solely to deliver core business functions.
Transfers outside the EU are subject to the European Commission's Standard Contractual Clauses (SCCs) or equivalent safeguards as detailed in the Highwire Data Processing Addendum.
Data minimization, encryption in transit/rest, and access controls are enforced according to best practices and Highwire's certifications under ISO/IEC 27001:2022, and AICPA SOC2, Type I.