Subprocessors
Effective May 16, 2026 · Avalon Flow Inc., a subsidiary of Questili LLP · support@avalonflow.com
For this policy, "Avalon," "we," "us," or "our" means Avalon Flow Inc., a subsidiary of Questili LLP, unless a signed order form or customer agreement identifies a different contracting entity.
This Subprocessor List identifies providers that Avalon uses or may use to provide, secure, support, analyze, bill for, and improve Avalon. Some providers apply only when a feature, deployment path, payment method, support channel, analytics tool, or integration is enabled.
A "subprocessor" is a third-party service provider that may process Customer Content or personal information to help Avalon provide the service. Customer-controlled systems, including customer local models, customer custom endpoints, customer Google accounts/Google Workspace tenants, customer Microsoft tenants, customer Slack workspaces, and customer Salesforce/MCP systems, may process data as customer-selected systems rather than Avalon subprocessors, depending on the configuration.
Core subprocessors
| Provider | Purpose | Use status | Data categories |
|---|---|---|---|
| Google APIs / Gmail / Google Workspace | Gmail mailbox, Google Calendar, Google Drive where enabled, Google identity/OAuth, and Pub/Sub notifications | Core where Google/Gmail features are enabled | account identity, OAuth tokens, mailbox metadata/content, labels, calendar context, Drive/file context where enabled, Pub/Sub metadata |
| Microsoft Graph / Microsoft identity | Outlook/Microsoft mailbox, calendar, identity, OAuth, and Microsoft account integration | Core where Microsoft/Outlook features are enabled | account identity, OAuth tokens, mailbox metadata/content, calendar context |
| Amazon Web Services | Production cloud infrastructure for supported AWS deployment paths, including EC2/ECS/Fargate or related AWS services where configured | Core where Avalon uses an AWS production path | account, workflow, mailbox, AI context, logs, audit, privacy request, and operational data |
| Prisma Postgres | Production database | Core where enabled | account, session, OAuth, mailbox, workflow, Flowboard, AI context, calendar, admin, audit, billing data |
| Upstash Redis/QStash | Queue, cache, retry, idempotency, background processing | Core where enabled | workflow execution and observability metadata |
| Sentry | Error tracking | Core where enabled | error and observability data; account identifiers may appear in diagnostics |
| PostHog | Product analytics | Core where enabled | account and usage analytics metadata |
| Tinybird | Analytics and metrics | Core where enabled | metrics and observability data |
| Datadog | Monitoring, traces, metrics, logs | Core where enabled | observability data |
| Vercel Web Analytics / Speed Insights | Website analytics and performance measurement for Vercel-deployed builds | Core where Vercel analytics or speed insights are enabled | page view, referrer, browser/device, geography, performance, and custom event metadata |
| Resend | Transactional email | Core where enabled | account identity and email delivery metadata |
| Loops | Customer communications | Core where enabled | account identity and communication metadata |
Conditional subprocessors and connected services
| Provider | Purpose | Applies when | Data categories |
|---|---|---|---|
| Slack | Messaging integration | A customer connects Slack | OAuth tokens, Slack identity, channel/message metadata, selected workflow context |
| Salesforce / Salesforce MCP | CRM integration through MCP | A customer connects Salesforce or Salesforce MCP | CRM metadata/content selected by customer configuration |
| OpenAI | Hosted AI provider | Enabled as an AI provider | AI context and relevant mailbox/workflow content |
| Anthropic | Hosted AI provider | Enabled as an AI provider | AI context and relevant mailbox/workflow content |
| Google AI | Hosted AI provider | Enabled as an AI provider | AI context and relevant mailbox/workflow content |
| Groq | Hosted AI provider | Enabled as an AI provider | AI context |
| OpenRouter | Hosted AI router | Enabled as an AI provider or router | AI context and relevant mailbox/workflow content |
| Vercel AI Gateway | Hosted AI gateway | Enabled as an AI gateway | AI context |
| AWS Bedrock | Hosted/private AI provider | Enabled as an AI provider | AI context |
| Perplexity | Hosted AI/search provider | Enabled as an AI/search provider | AI context and relevant mailbox/workflow content |
| Customer custom/local AI endpoints | BYO key, custom endpoint, local model, private model, or self-hosted inference processing | Customer configures customer-controlled model routing | AI context and relevant mailbox/workflow content, controlled by customer configuration |
| Stripe | Payments and subscriptions | Customer pays through Stripe | billing and account identity data |
| Lemon Squeezy | Payments and subscriptions | Customer pays through Lemon Squeezy | billing and account identity data |
| Axiom | Frontend logging and observability | Enabled for observability | observability data |
| Dub | Referral and link analytics | Enabled for referral/link tracking | account and observability metadata |
| Crisp | Customer support chat | Enabled for support chat | account and support metadata |
| Google Tag Manager | Website tag management and marketing/conversion event routing | Enabled when a Google Tag Manager container is configured | page view, event, referral, campaign, device/browser, and conversion metadata; configured tags may process additional marketing metadata |
| Meta Pixel / Conversions API | Conversion analytics and advertising measurement | Enabled for marketing measurement | conversion, campaign, browser/device, event, and observability metadata |
Tag manager and marketing-tag caveat
When Google Tag Manager or a similar tag manager is enabled, the configured container may load or route events to additional analytics, advertising, conversion, or measurement providers. Avalon should not add a new tag that processes personal information or Customer Content unless that provider is reviewed and added to this list or otherwise disclosed where required.
Non-subprocessor operational providers
Some providers support Avalon operations without intentionally processing Customer Content as customer-facing subprocessors. For example, GitHub may be used for source control and CI/CD, and Let's Encrypt / Certbot may be used for TLS certificate issuance and renewal.
Customer-controlled systems
When a customer enables its own Google account/Google Workspace tenant, Microsoft tenant, Slack workspace, Salesforce instance, MCP server, custom endpoint, BYO AI provider, local model, private model, self-hosted inference system, or model gateway, that system may process Customer Content according to the customer's configuration and the system's own terms and security controls. Customers are responsible for confirming authorization, security, licensing, retention, logging, and privacy posture for customer-controlled systems.
Subprocessor changes
Avalon may update this list as providers, features, or deployment paths change. When required by an applicable agreement, Avalon will provide notice of material subprocessor changes through the product, website, email, account notice, or customer agreement process.
Contact
For questions about subprocessors or customer-controlled systems, contact support@avalonflow.com.