Last updated · May 25, 2026
Honest Dev LLC ("we", "us", "our") uses the following third-party service providers to operate the PilotPM platform and Site. Each is a "sub-processor" under California Consumer Privacy Act (CCPA/CPRA) terminology and is bound by contract to use information only to provide services to us and to protect it under standards consistent with our Privacy Policy.
This list is canonical — we update it whenever we add, remove, or materially change a sub-processor. The list is referenced from §5.1 of the Privacy Policy and §6.6 of the paid-tier Master Service Agreement.
| Sub-processor | Purpose | Data scope | Region |
|---|---|---|---|
| Hostinger | Application + database hosting (VPS) | All Customer Data + workspace activity | United States |
| Anthropic | Large language model API (Claude) for AI-drafted replies, classification, summarization | Prompts derived from Customer Data; no training on Customer Data under contract. Cloud infrastructure: Microsoft Azure (effective 2026-03-26). | United States |
| OpenAI | Embeddings (text-embedding-3-small) for semantic clustering of customer signals | Sanitized message excerpts; no training under contract | United States |
| Neon | Managed Postgres database hosting | All Customer Data (structured records, encrypted at rest); no training under contract. Infrastructure provider: Microsoft Azure (added 2026-04-16). | United States |
| Stripe | Payment processing for paid-tier subscriptions | Billing name, address, payment method (card numbers stored at Stripe, not by us) | United States |
| Clerk | Authentication + identity management for workspace users | Email, name, OAuth tokens, session metadata | United States |
| Postmark | Transactional email delivery (operator notifications, password resets, CSAT surveys) | Recipient email, message body, delivery telemetry | United States |
| Sentry | Error monitoring + crash reporting | Stack traces, sanitized request metadata, user-agent | United States |
These integrate ONLY when the workspace owner explicitly connects them via OAuth on /integrations. The data scope is bounded by the OAuth grant.
| Sub-processor | Purpose | Data scope |
|---|---|---|
| Slack | Channel ingest + workspace notifications | Messages, channel metadata for the connected workspace |
| HubSpot | CRM context (companies, deals, contacts) | Companies, deal amounts/stages, contacts as scoped by OAuth |
| Jira | Engineering signal ingest (bug correlation) | Issue metadata for the connected project |
| Linear | Engineering signal ingest | Issue metadata for the connected workspace |
| Notion | Knowledge-base article ingest | Pages from the connected workspace |
| Snowflake | Customer data warehouse joins (Read-only) | Query results limited to the role you grant; we never write |
| WhatsApp Business | Inbound + outbound on the WhatsApp channel | Messages, sender phone numbers |
| Instagram / Messenger / Pancake / Zalo | Inbound + outbound on respective channels | Messages, sender metadata |
| Freshdesk / Zendesk / Salesforce | Inbound ingest from existing helpdesks during dual-tool periods | Tickets and conversation history per the OAuth scope |
Every material sub-processor is chosen by these criteria, in this order:
When a sub-processor is added, removed, or materially changed:
The "Last updated" date at the top of this page reflects the most recent change.
Questions about this list or our sub-processor selection process:
Honest Dev LLC
Attn: Privacy
support@pilotpm.ai
This page is informational. The contractual obligations governing sub-processors live in the Privacy Policy for free-tier users, and the Master Service Agreement (linked at checkout) for paid-tier customers.