Sub-processors

Effective date: 2026-04-27 · Contact: contact@cinderlab.io

This page lists every third party engaged by Threadmaker to process Customer Personal Data on the Controller's behalf, alongside the host platforms that the Controller is independently contracted with. The list is updated at least 30 days before any addition or replacement that materially affects the processing — see the Privacy Policy §4 and the Data Processing Addendum §4.

Engaged by Threadmaker as Sub-processors

Threadmaker contracts these parties, instructs them, and pays them. They process Customer Personal Data on the Controller's behalf within the meaning of GDPR Art. 28.

Parties engaged by Threadmaker as Sub-processors of Customer Personal Data, with processing activity, data categories, region, and transfer mechanism.
Sub-processor	Activity	Categories of data	Region	Transfer mechanism
Cloudflare, Inc. — Workers (USA)	Edge compute (request handling, OAuth callbacks, slash-command and event ingest, cron triggers).	All inbound / outbound Service traffic.	US — region `wnam`	EU-US DPF (primary); SCCs Module 2 (fallback). UK Addendum + Swiss FDPIC Addendum where applicable.
Cloudflare, Inc. — D1 (USA)	Primary tenant database (SQLite). Cloudflare-managed platform AES-256 encryption at rest.	Workspace records, channel-project mappings, comment-mapping records, retry queue, audit log, metrics, slack_users_cache, project_settings.	US — region `wnam`	EU-US DPF + SCCs Module 2.
Cloudflare, Inc. — KV (TENANT_SHARDS) (USA)	Shard-routing lookup cache (workspace_id → shard binding); cache lifetime measured in seconds.	Workspace ID + shard ID only. No message content.	US (replicated edge cache)	EU-US DPF + SCCs Module 2.
Cloudflare, Inc. — R2 (USA)	Daily AES-256-GCM-encrypted full-database snapshots under a Processor-controlled application-layer key (in addition to Cloudflare's at-rest encryption). 90-day rolling retention production / 30-day staging.	Encrypted backup of all Service data.	US — region `wnam` (same Cloudflare account / DPA as Workers and D1)	EU-US DPF + SCCs Module 2.
Cloudflare, Inc. — Cloudflare Access (USA)	Zero-Trust SSO gateway for the operator-only admin portal `tm-admin`; not a Customer-facing surface.	Operator email + SSO assertions only. Customer Data is not exposed via this channel.	US	EU-US DPF + SCCs Module 2.
Functional Software, Inc. (Sentry; USA)	Error reporting only; never message bodies or comment text. Payloads scrubbed of secrets per `SCRUB_KEYS` before transmission.	Stack traces, request route, workspace ID tag, error message text. No user message content; no Slack/Jira content; no OAuth tokens.	United States	EU-US DPF; SCCs Module 2 fallback. Sentry DPA at sentry.io/legal/dpa. May be omitted in self-hosted or air-gapped deployments.
Atlassian, Inc. — Marketplace billing	Engaged narrowly as the channel through which the Controller pays for paid tiers. Atlassian collects subscription fees and remits to Threadmaker net of revenue share.	Atlassian account ID, seat count, billing-period markers. No message content.	Atlassian-managed	Atlassian Customer Agreement + Atlassian DPA.

Host platforms (not engaged as Sub-processors)

The Controller is independently contracted with these platforms; they are listed here for transparency and to disclose the data flow, but Threadmaker does not engage them as Sub-processors within the meaning of GDPR Art. 28 and the Controller's primary contract with each governs.

Host platforms that the Controller is independently contracted with; not engaged by Threadmaker as Sub-processors.
Platform	Role in the data flow	Region	Governing contract
Atlassian, Inc. — Forge plugin runtime	Hosts the Threadmaker Jira plugin inside the Controller's licensed Atlassian tenant; Jira data does not leave Atlassian's infrastructure.	Atlassian-managed (tenant-region-dependent for Jira data)	Controller's Atlassian Cloud Terms / Atlassian DPA. Atlassian's nested Sub-processor list at atlassian.com/legal/subprocessors.
Slack Technologies LLC (Salesforce subsidiary)	Source and sink for synced message data via the OAuth grant the Controller's workspace administrator provided.	Salesforce-managed	Controller's Slack Customer Terms / Slack DPA at slack.com/trust/compliance/dpa.

What is NOT a Sub-processor

Internal CT Core personnel — see Privacy Policy §5 on internal access via the tm-admin administrative tool. Internal staff are not Sub-processors under GDPR Art. 28; their access is governed by confidentiality obligations and the admin_audit_log retention path.
Atlassian Marketplace billing intermediaries — Atlassian remits Marketplace fees through their own banking / PSP partners. We do not process payments and do not engage payment processors of our own.
Cloudflare-internal Sub-processors — Cloudflare's own Sub-processor list is published at cloudflare.com/cloudflare-customer-subprocessors and is incorporated by reference under Cloudflare's DPA.

Change-notification subscription

To receive advance notice of Sub-processor additions or replacements, register a procurement-contact email at /dpa-contact (self-service form for procurement, legal, or DPO teams to subscribe independently of the technical admin who installed the Service). Notice is also delivered to the Atlassian Marketplace billing-account email and, as an operational fallback, displayed in the Slack App Home tab and the Forge plugin admin page in Jira; in-product notices do not substitute for written notice. Errors, omissions, or one-off subscription requests: dpo@cinderlab.io.

Last reviewed

This list was last reviewed on the page's "Effective date" shown above. Material changes are accompanied by a 30-day advance-notice cycle.