Gridheart Sub-processors
Version 2026-03
Gridheart and its affiliates engage the following third-party entities to assist in the provision of services. This list is maintained in accordance with Section 10 of the Gridheart Data Processing Terms.
To receive notifications when this list is updated, contact privacy@gridheart.com.
Service Delivery Sub-processors
These sub-processors are engaged in connection with the services Gridheart distributes and provisions to customers.
| Sub-processor | Country / Region | Purpose | Categories of Personal Data |
|---|---|---|---|
| Acronis International GmbH | Switzerland / EU | Cloud backup, cybersecurity and endpoint protection | Account identifiers, names, email addresses, device identifiers, IP addresses |
| Atera Inc | Israel / USA | Remote monitoring and IT management | Account identifiers, names, email addresses, device identifiers, IP addresses |
| Augmentt Inc | Canada | SaaS security and management | Account identifiers, names, email addresses |
| Avanan (Check Point) | USA / Israel | Cloud email security | Account identifiers, email addresses, IP addresses |
| Bitdefender SRL | Romania (EU) | Endpoint security and threat detection | Account identifiers, device identifiers, IP addresses |
| BitTitan Inc | USA | Cloud migration | Account identifiers, names, email addresses |
| CloudAlly (Zix/OpenText) | Israel / USA | Cloud-to-cloud backup | Account identifiers, names, email addresses |
| Cloudist AB | Sweden (EU) | Cloud service management | Account identifiers, names, email addresses, organization details |
| Cloudmore AB | Sweden (EU) | Cloud service provisioning and marketplace platform | Account identifiers, names, email addresses, organization details |
| ConnectSecure Inc | USA | Vulnerability management and compliance | Account identifiers, device identifiers, IP addresses |
| Cypro AB | Sweden (EU) | Cybersecurity compliance and risk management | Account identifiers, names, email addresses |
| CYVI AB | Sweden (EU) | Cybersecurity assessment platform | Account identifiers, names, email addresses |
| Datto (Kaseya) | USA / EU | Backup, disaster recovery and networking | Account identifiers, names, email addresses, device identifiers, IP addresses |
| DNS Made Easy (Tiggee LLC) | USA | DNS management | Account identifiers, IP addresses, domain data |
| Dropsuite Ltd | Singapore / EU data centers | Email backup and archiving | Account identifiers, names, email addresses |
| Freshworks Inc | USA / India | IT service management (ITSM) | Account identifiers, names, email addresses, IP addresses |
| HaloPSA (Halo Service Solutions) | United Kingdom | PSA and service desk | Account identifiers, names, email addresses |
| Keeper Security Inc | USA | Password management and security | Account identifiers, names, email addresses |
| Microsoft Corporation | USA / EU | Microsoft 365 (CSP), Azure services, email and collaboration | Account identifiers, names, email addresses, IP addresses, device identifiers |
| Nerdio Inc | USA | Azure Virtual Desktop management | Account identifiers, names, email addresses, device identifiers |
| NinjaOne LLC | USA | Endpoint management and backup | Account identifiers, names, email addresses, device identifiers |
| Nord Security (NordLayer/NordPass) | Lithuania (EU) | VPN and password management | Account identifiers, names, email addresses, IP addresses |
| Rewst Inc | USA | IT automation and orchestration | Account identifiers, names, email addresses |
| Seagate Technology (Lyve Cloud) | USA / EU | Cloud object storage | Account identifiers, file metadata |
| Storyals AB | Sweden (EU) | E-learning and Microsoft 365 adoption training | Account identifiers, names, email addresses |
| TitanHQ (Copperfasten Technologies) | Ireland (EU) | Email security and DNS filtering | Account identifiers, names, email addresses, IP addresses |
| usecure Ltd | United Kingdom | Security awareness training and compliance | Account identifiers, names, email addresses |
| Vade SAS | France (EU) | Email security and threat detection | Account identifiers, email addresses, IP addresses |
| Verified International AB | Sweden (EU) | Digital identity verification and e-signing | Account identifiers, names, email addresses, identity data |
| Webroot (OpenText) | USA | Endpoint protection and threat intelligence | Account identifiers, device identifiers, IP addresses |
| WithSecure Corporation | Finland (EU) | Endpoint protection and detection | Account identifiers, device identifiers, IP addresses |
Gridheart Operations Sub-processors
These sub-processors support Gridheart's internal operations and may process Customer Personal Data in connection with service delivery, support and business administration.
| Sub-processor | Country / Region | Purpose | Categories of Personal Data |
|---|---|---|---|
| Anthropic PBC | USA | AI-assisted content generation and support | Names, email addresses, prompt and response data |
| Fortnox AB | Sweden (EU) | Accounting and invoicing | Names, email addresses, billing addresses, payment references |
| Google Ireland Ltd | Ireland (EU) / USA | Google Workspace (email, file storage), Google Analytics, Google Tag Manager | Names, email addresses, IP addresses, usage data |
| Lovable GmbH | Austria (EU) | AI-powered web application development and hosting | Names, email addresses, IP addresses, usage data |
| Microsoft Ireland Operations Ltd | Ireland (EU) / USA | Microsoft 365 (internal email, file storage, Teams) | Names, email addresses, IP addresses |
| OpenAI OpCo LLC | USA | AI-assisted content generation and analysis | Names, email addresses, prompt and response data |
| Pipedrive OÜ | Estonia (EU) / USA | CRM and sales pipeline management, Web Visitors tracking | Names, email addresses, phone numbers, company names, IP addresses, website visit data |
Gridheart Entities
| Entity | Location | Role |
|---|---|---|
| Gridheart AB | Sweden | Primary entity |
Data Center Locations
Information about specific data center locations used for each distributed service is available at gridheart.com/data-processing-terms-services.
For Gridheart's internal operations (email, file storage, CRM), data is primarily processed within the EU/EEA. Where sub-processors operate in the USA, transfers are protected by Standard Contractual Clauses and/or the EU-US Data Privacy Framework.
Changes to This List
Gridheart updates this list when sub-processors are added, removed or changed. In accordance with Section 10.4 of the Data Processing Terms, customers are notified at least 30 days before a new sub-processor begins processing Customer Personal Data.
Previous versions: Version 2018-05