This document provides transparency on third parties (“Processors” and “Sub-Processors”) involved in processing data in connection with ClickTerm services.
Important: Not every vendor listed here processes every customer’s data. Applicability depends on your configuration and enabled features.
Includes only data relating to a customer’s end users interacting with ClickTerm clickwrap flows, such as:
Clickwrap Event metadata (e.g., accept/decline/pending, timestamp)
Technical metadata (e.g., IP address, browser/device information, user agent)
Placeholders (only if you configure ClickTerm to collect them)
Clickwrap Version identifier and audit trail entries
Optional delivery of acceptance documents/certificates (if enabled)
Goal: End-user data is processed using the smallest practical set of providers (primarily hosting and security), with optional providers only when a feature is enabled.
Includes:
Customer company details, billing/invoicing, customer admin users, support/sales communications, internal operations, reporting, accounting, and corporate tooling.
For Scope B, ClickTerm is designed to keep end-user data within a small set of providers:
Core infrastructure hosting
Edge security / traffic protection
Optional services only when you enable specific features (e.g., end-user email delivery)
Name | Purpose | Country | Notes |
|---|---|---|---|
Amazon Web Services | Hosting / storage of clickwrap versions, events, audit trails and related service data | Germany | Core infrastructure |
Cloudflare | Security (CDN/WAF/DDoS), may process IP/traffic metadata | USA | Edge security |
These providers are used for monitoring/observability. ClickTerm aims to avoid storing unnecessary personal data in monitoring tools; however, depending on configuration, technical identifiers may appear.
Name | Purpose | Country | Notes |
|---|---|---|---|
Sentry | Error monitoring | USA | Technical telemetry; configured to minimize personal data |
Datadog | Monitoring/telemetry | USA | Technical telemetry; configured to minimize personal data |
Elasticsearch | Logs/analytics | Norway | Used for operational logging/analytics as applicable |
Name | Purpose | Country | When used |
|---|---|---|---|
Mailgun | Email delivery | USA | Only if you enable end-user email delivery (e.g., acceptance copy / document delivery) |
SendGrid | Email delivery | USA | Only if you enable end-user email delivery (e.g., acceptance copy / document delivery) |
In standard configurations, no additional “Scope B-only Processors” are required beyond the Sub-Processors listed above. If you enable features that route end-user data to additional vendors, those vendors will be added to this Scope B section and will require re-acceptance (see Section 5).
These vendors support ClickTerm corporate operations and customer account administration. They are not required for processing ClickTerm end-user clickwrap flows (Scope B), unless explicitly stated.
Name | Purpose | Country |
|---|---|---|
Atlassian | Project management | Australia |
Calendly | Scheduling services | USA |
Freshworks | Customer Relationship Management | USA |
Reporting services | Ireland | |
Koethe | Accounting services | Germany |
Microsoft Teams | Communication services | Germany |
Salesforce | CRM | Germany |
Slack | Communication services | Ireland |
StatusPage | Communication services | USA |
Tailscale | VPN | Canada |
Zapier | Automation tool | USA |
Zoho | Accounting services | Germany |
Zoom | Communication services | USA |
n8n | Workflow automation / integration | Germany |
TelQ Telecom DOO | Development services | Serbia |
OpenAI (OpenAI Ireland Limited) | AI services (internal productivity) | Ireland |
Note: Core infrastructure vendors that support both Scope A and Scope B (e.g., hosting/security) are listed in Section A to avoid duplication and to keep the end-user list authoritative.
Where customers have granted general authorisation for Sub-Processors, ClickTerm will inform customers of intended additions or replacements of Sub-Processors for Scope A by publishing an updated version of this document in the ClickTerm Admin Console and requiring explicit re-acceptance.
Notice method (written): a new published version of this clickwrap document, presented for acceptance in the Admin Console.
Notice period: changes will take effect no earlier than 30 days after publication of the updated version, unless a shorter timeline is required for urgent security, fraud prevention, or legal compliance.
Opportunity to object: customers may object by declining the updated version within the notice period.
If you decline: ClickTerm may (a) propose a commercially reasonable alternative, (b) disable the affected optional feature, or (c) terminate the affected services in accordance with the Terms/DPA.
This mechanism is intended to satisfy the GDPR/UK GDPR requirement to inform controllers of intended sub-processor changes and give an opportunity to object.
For legal/privacy questions regarding this list, contact: [email protected]