This document constitutes a binding registry of authorized data sub-processors.
GDPR ARTICLE 28 COMPLIANT REGISTRY
In accordance with Article 28 of the General Data Protection Regulation (GDPR) and our Data Processing Agreement (DPA), Blankline maintains this comprehensive list of sub-processors that may process personal data on behalf of our customers.
All sub-processors are bound by strict contractual obligations including Data Processing Agreements (DPAs), Standard Contractual Clauses (SCCs) where applicable, and appropriate technical and organizational security measures.
Third-party AI service providers that process user prompts, code, and interaction data to deliver AI-powered features.
Services: AI model processing, NLG, code assistance (GPT-4, GPT-5).
Data: User prompts, code snippets, context data.
Safeguards: Zero-retention agreements, no training data usage.
Services: Advanced AI model processing (Claude-3-haiku, Claude-4).
Data: User prompts, code snippets, context data.
Safeguards: Commercial Terms compliance, no training data usage.
Services: Specialized AI model processing (Deepseek-V3).
Data: User prompts, code snippets, technical queries.
Safeguards: API Terms compliance, DPA, encrypted transmission.
Services: AI model processing, advanced reasoning.
Data: User prompts, reasoning queries.
Safeguards: Developer Agreement compliance, data restrictions.
Services: Payment processing, subscription management, fraud prevention.
Data: Billing info, transaction amounts, subscription details.
Safeguards: PCI DSS Level 1, SOC 2 Type II.
Services: Cloud hosting, compute, storage, backups.
Data: Application data, user files, logs.
Safeguards: SOC 1/2/3, ISO 27001, FedRAMP.
Services: Serverless PostgreSQL database.
Data: User accounts, app data, preferences.
Safeguards: SOC 2 Type II, encryption.
Services: Frontend hosting, CDN, performance monitoring.
Data: Visitor data, performance metrics.
Safeguards: SOC 2 Type II, DPA.
Services: Product analytics, feature tracking.
Data: Anonymized usage patterns, metrics.
Safeguards: GDPR compliant, SOC 2 Type II.
Services: Error monitoring, crash reporting.
Data: Error logs, stack traces, diagnostics.
Safeguards: SOC 2 Type II, data scrubbing.
Services: SSO authentication, verification.
Data: Profile info, email, tokens.
Safeguards: OAuth 2.0 standards, encryption.
Services: Developer auth, repo integration.
Data: GitHub profile, email, tokens.
Safeguards: OAuth 2.0 standards, scope limits.
Services: Transactional email delivery.
Data: Email addresses, content, metadata.
Safeguards: GDPR compliance, encryption.
All sub-processors listed above operate under comprehensive contractual obligations that ensure appropriate protection of personal data:
Blankline will provide at least 30 days' advance written notice of any intended changes concerning sub-processors. Customers may object to new sub-processors on reasonable data protection grounds within 15 days of notice.
Data Protection Lead: [email protected]
Legal Notices: [email protected]
BY USING THE DROPSTONE SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE REVIEWED THIS SUB-PROCESSOR REGISTRY AND AGREE TO THE APPOINTMENT OF THESE PROCESSORS.