Legal
Sub-processors
Last updated: 2026-05-15
To deliver DashOps reliably and at scale, we engage a small number of trusted third-party service providers ("sub-processors"). Each one has a specific purpose, signs a data-processing agreement (DPA) with us where applicable, and is bound by industry-standard security certifications.
We notify all customers via email at least 30 days before adding or changing a sub-processor that materially handles their data. The list below reflects our current sub-processors as of 2026-05-15.
Purpose: Frontend hosting (this marketing site at dashops.io and the dashboard at app.dashops.io)
Certifications: SOC 2 Type II, ISO 27001, GDPR compliant
Purpose: Backend API hosting (the Node.js / Express server at octatude-dashboard-api.onrender.com)
Certifications: SOC 2 Type II
Purpose: Primary database for account data, advertising metrics, audit logs, and integration tokens (encrypted at rest)
Certifications: SOC 2 Type II, ISO 27001, GDPR + HIPAA compliant
Purpose: Transactional and digest email delivery (account verification, invitations, scheduled reports)
Certifications: SOC 2 Type II
Purpose: Source of advertising data (campaigns, audiences, insights, lead forms) accessed via the Marketing API on your behalf
Certifications: ISO 27001, ISO 27018, SOC 2
Questions or concerns?
If you have questions about how we work with these sub-processors, or if you need a copy of a specific DPA for your records, contact us at privacy@octatude.com.