Trust & Security Center
Sub-Processor List
A sub-processor is a third party that processes customer personal data on Revenue Growth Agent's (RGA's) behalf. This is RGA's current list across the platform — the web app (Meeting Prepper, Discovery, Proposals) and the CRM integrations (Salesforce, HubSpot). It is referenced by the RGA Data Processing Agreement.
Infrastructure & platform
| Sub-processor | Purpose | Data processed |
|---|---|---|
| Vercel | Application hosting (serverless functions), Blob file storage, KV cache | Data in transit; uploaded files (Blob); cached access tokens (KV) |
| Upstash | Powers Vercel KV (Redis) | Cached Salesforce access tokens (short-lived); cached Meeting Prepper prospect enrichment (auto-expiring); rate-limit data |
| Airtable | Primary database | CRM data, prep/discovery/proposal records, and encrypted integration credentials (stored as ciphertext) |
| Clerk | Authentication and identity for the web app | User identity and session data |
| Railway | Hosts the analysis service that processes Discovery transcripts (MEDDIC scoring, themes) | Sales-call transcript content and discovery context |
| Sentry | Error monitoring | Sanitized diagnostics (no personal data or client stack traces) |
| Make.com | Workflow orchestration for select backend automations | Workflow payloads scoped to the automation, which may include business-contact fields and operational metadata |
AI & data providers
| Sub-processor | Purpose | Data processed |
|---|---|---|
| Anthropic (Claude) | AI generation — meeting prep, discovery analysis, proposals | Prospect business-contact data and research context, sent in prompts. API terms prohibit training on submitted data. |
| OpenAI | Generates vector embeddings of uploaded knowledge-base content | Uploaded customer content (to produce embeddings). Used via API under terms that prohibit training on submitted data. |
| Pinecone | Vector store for knowledge-base retrieval (Proposals) | Embeddings of uploaded customer content |
| PitchGhost | Prospect enrichment and recent public social activity | Prospect name, company, and public social signals |
| Brandfetch | Company logo lookup by domain | Company domain only (no personal data) |
CRM & content integrations
These process data only for the integration the customer chooses to connect.
| Service | Purpose | Data processed |
|---|---|---|
| Salesforce | CRM integration | The customer's own CRM data (the integration target) |
| HubSpot | CRM integration | The customer's own CRM data (the integration target) |
| Google (Drive / Sheets) | Optional content import | Only the content a customer chooses to connect and import |
| Dropbox | Optional content import | Only the content a customer chooses to connect and import |
| Stripe | Billing and payments | Billing contact and payment data. Card data is handled entirely by Stripe; RGA does not store it. Stripe does not process CRM or prospect data. |
Marketing site & lead generation
These process website-visitor and inbound-lead data on the public marketing surfaces (revenuegrowthagent.com and hub.revenuegrowthagent.com). They do not process in-app customer data such as CRM records, prospects, transcripts, or uploaded content.
| Sub-processor | Purpose | Data processed |
|---|---|---|
| GoHighLevel | Marketing hub (hub.revenuegrowthagent.com), Privacy & Terms hosting, blog, lead-capture forms, and demo-booking widgets linked from the marketing site | Inbound-lead submissions (name, email, company, message), demo-booking details, and standard web-visitor telemetry on the hub subdomain |
| Google Analytics | Visitor analytics on the public marketing pages | Standard web-analytics data: IP-derived approximate location, device and browser, page views, referral source. No in-app customer data is sent. |
How RGA manages sub-processors
- •New sub-processors are evaluated for their security posture before adoption.
- •This page is RGA's current list of sub-processors and is kept up to date. When the list changes, RGA updates this page.
- •Customers with a Data Processing Agreement may request to be notified of changes. Continued use of the platform after an update constitutes acceptance of the revised list.
Questions about this list, or need a DPA?
Email us and we'll respond promptly, including a Data Processing Agreement for customers who require contractual data-protection commitments.