Overview
Revatto, LLC (“Revatto”) engages a limited set of third-party service providers (“Sub-Processors”) to process Personal Data on behalf of our clients in connection with the Services described in our Master Services Agreement and Data Processing Addendum. This page lists those Sub-Processors and is maintained in accordance with Section 7.5 of the Master Services Agreement and Section 8.3 of the Data Processing Addendum.
Revatto remains responsible for the acts and omissions of its Sub-Processors. Each Sub-Processor is bound by a written agreement imposing data protection obligations no less protective than those in our Data Processing Addendum.
Current Sub-Processors
| Sub-Processor | Purpose | Data Processed | Location |
|---|---|---|---|
| Railway (Railway Corp.) | Primary cloud infrastructure: managed PostgreSQL database hosting, containerized application service hosting, automated backups with point-in-time recovery, platform-managed encryption at rest. | All Personal Data processed by Revatto (encrypted at rest and in transit). | United States |
| Clerk (Clerk Inc.) | Identity and access management, authentication, Single Sign-On (Azure AD, Google Workspace, SAML 2.0 / OpenID Connect), session management, JWT issuance, and JWKS rotation. | Controller employee names, email addresses, authentication events, session metadata. | United States |
| Temporal Cloud (Temporal Technologies, Inc.) | Workflow orchestration engine; immutable workflow event history for recovery sequences, retry logic, and customer communication workflows. | Workflow payloads that may include Personal Data necessary to execute the workflow (e.g., customer identifiers, event identifiers). | United States |
| Estuary.dev (Estuary Technologies, Inc.) | Change Data Capture pipeline used to ingest supplementary payment-processor object data directly into Revatto's analytics warehouse for certain integrations. | Payment-processor object data in scope of Annex 1.B of the Data Processing Addendum, including embedded Personal Data; encrypted in transit. | United States |
| MotherDuck (MotherDuck, Inc.) | Cloud analytics data warehouse, used for reporting, Commission calculation, and aggregated/de-identified model improvement (subject to Section 15 of the Data Processing Addendum). | Payment-processor object data in scope of Annex 1.B of the Data Processing Addendum, including embedded Personal Data; encrypted at rest. | United States |
| Twilio (Twilio Inc.) | SMS delivery on behalf of Controller. | Customer phone numbers, SMS message content. | United States |
| Sentry (Functional Software, Inc.) | Application error tracking and monitoring. | Incidental Personal Data in error contexts (minimized via sampling, data scrubbing rules, and avoidance of request/response body logging). | United States |
| Google Cloud KMS (Google LLC) | Hardware-security-module-backed key management service (FIPS 140-2 Level 3) holding the secret key used for pseudonymization of direct identifiers under Section 6.5 of the Data Processing Addendum. Key material is not exportable from the HSM. | Plaintext direct identifiers (email, phone) transit over TLS to the HSM for hash computation and are not persisted by Google. | United States |
| PostHog (PostHog, Inc.) | Product analytics, server-side feature-flag delivery, abuse / bot detection on Customer-facing surfaces, and Customer-interaction evidence capture (session replay with input-text masking applied at capture). Used across Revatto's application surfaces, including the Customer payment / retention surface, backend feature-flag evaluation for the operations platform, and the Controller-facing reporting application. PostHog is SOC 2 Type II certified and an active participant in the EU-US Data Privacy Framework, the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework. | Personal Data categories described in Annex 1.B of the Data Processing Addendum (Customer identifiers where surfaced by application configuration, Behavioral and engagement data, Customer session interaction recordings, and Account administration data); encrypted in transit over TLS to PostHog Cloud (US region). | United States (PostHog Cloud US region) |
Client-Directed Systems and OAuth Integrations
Depending on a client's integration configuration, Revatto interacts with third-party systems designated by the client via OAuth authorization or API key provisioning. These systems are under the client's direct contractual relationship with the respective providers and are not Sub-Processors engaged by Revatto; to the extent Revatto processes Personal Data in transit through or via these integrations, Revatto does so as the client's processor under the Data Processing Addendum.
Current categories include:
- Payment processors and subscription billing platforms: used to ingest payment events, retrieve subscription and invoice data, and execute client-authorized recovery actions.
- Email delivery systems: used to send client-directed recovery and re-engagement communications from client-authorized email accounts.
A current list of the specific systems in each category is available to clients upon request to legal@revatto.com.
Notification of Changes
Revatto will provide at least thirty (30) days' advance notice of any intended material addition or replacement of a Sub-Processor by:
- Updating this page with the new or replacement Sub-Processor; and
- Sending email notification to the address associated with each client's account.
Clients may subscribe to change notifications by emailing legal@revatto.com with the subject line “Subscribe: Sub-Processor Updates.”
Objection Rights
A client may object to a new or replacement Sub-Processor on reasonable data protection grounds by notifying Revatto in writing within fifteen (15) days of the notification described above. The parties will discuss the objection in good faith in accordance with Section 8.4 of the Data Processing Addendum.
Contact
Questions about this page or Revatto's Sub-Processors may be directed to legal@revatto.com.