Current subprocessors
| Entity | System | Location | Purpose |
|---|---|---|---|
| Twilio Ireland Limited | SendGrid | USA | Email delivery for OTP codes, invitations, and notifications |
| Intercom R&D Unlimited Company | Intercom | USA | In-app customer support chat and messaging |
| Functional Software, Inc. | Sentry | EU | Error monitoring and debugging |
| Google Cloud EMEA Limited | Google Cloud | EU | Core backend infrastructure and processing pipeline |
| Cloudflare, Inc. | Cloudflare | EU/USA | CDN, DNS, WAF, and DDoS protection |
| Vercel Inc. | Vercel | EU/USA | Web application hosting and deployment |
| Anthropic PBC | Anthropic | USA | AI model provider for Mjolnir pentest analysis (transient processing, no storage) |
| MongoDB, Inc. | MongoDB Atlas | EU | Primary application database |
| ClickHouse, Inc. | ClickHouse Cloud | EU | Event streaming and observability analytics |
| GitHub, Inc. | GitHub | USA | Repository integration and issue syncing |
This list was last updated on 1 April 2025. For questions about data processing, contact [email protected].
Related agreements
When your organisation first signs in to Odin, an Owner must accept the following agreements before using the platform:- Master Services Agreement (MSA) — the core service terms
- Data Processing Agreement (DPA) — how Borg Security processes personal data
- AI Services Addendum — additional terms for AI-powered features like Mjolnir