Current Subprocessors

Last updated: October 2025

Impruve engages the following trusted subprocessors to provide hosting, authentication, payment, analytics, and AI-powered functionality within our platform.
Each subprocessor is contractually required to implement appropriate technical and organizational measures consistent with SOC 2 and GDPR standards. Data shared with these providers is limited to the minimum necessary for them to perform their services, and all transfers occur over encrypted connections (TLS 1.2 or higher).

Amazon Web Services (AWS)
Purpose: Primary cloud infrastructure provider used to host the Impruve application and store encrypted customer data and application files.
Data Shared: Encrypted customer content, metadata, and log data processed through AWS compute and storage services.
Security: AWS maintains SOC 2 Type II, ISO 27001, and GDPR compliance certifications, with encryption at rest and in transit across all services.

MongoDB Atlas
Purpose: Managed database hosting platform used to store application and user data in a secure, scalable environment.
Data Shared: Structured customer data and metadata encrypted using AES-256 at rest and TLS 1.2 + in transit.
Security: MongoDB Atlas is SOC 2 Type II certified and provides continuous backup snapshots with 30-day retention for disaster recovery.

Auth0 (Okta)
Purpose: Provides identity management and secure authentication for user logins via email/password or Google SSO.
Data Shared: User email addresses, login tokens, and authentication metadata necessary for session validation.
Security: Auth0 enforces MFA, session expiration, and encryption for all tokens; it is SOC 2 Type II, ISO 27001, and GDPR compliant.

Stripe
Purpose: Payment processor used for subscription management, invoicing, and secure payment collection.
Data Shared: Payment method tokens, customer name, and billing contact information. No raw card data is stored or accessible by Impruve.
Security: Stripe is PCI-DSS Level 1 certified, ensuring end-to-end encryption and secure tokenization of payment details.

Recall.ai
Purpose: Provides meeting recording and transcription infrastructure for Impruve’s AI-powered notetaker features.
Data Shared: Meeting audio/video streams and metadata (e.g., participants, timestamps) solely for transcription processing.
Security: Data is transmitted over encrypted connections and automatically deleted within 24 hours of transcription completion. Recall is SOC 2, GDPR, HIPAA, CCPA COMPLIANT.

OpenAI
Purpose: Supplies large-language-model processing for text generation, summarization, and contextual analysis within Impruve.
Data Shared: Text inputs such as meeting transcripts, email drafts, or CRM notes relevant to the prompt. No raw financial records or sensitive identifiers are transmitted. All data is minimized, anonymized where possible, and processed via Impruve’s secure API connection (no training use).
Security: Data sent via the OpenAI API is encrypted in transit, retained for ≤ 30 days for abuse monitoring, and not used to train OpenAI models per enterprise API terms.

Perplexity AI
Purpose: Provides context enrichment and news-intelligence lookups used in Impruve’s “Content Studio” and research modules.
Data Shared: Non-personal query strings such as public company names, tickers, or topic keywords; no identifiable user data is transmitted.
Security: Requests are sent over HTTPS and processed transiently; Perplexity does not store or reuse customer data beyond query fulfillment.

PostHog
Purpose: Enables product analytics for usage telemetry and performance insights within the Impruve platform.
Data Shared: Aggregated and anonymized usage metrics (e.g., feature interactions, page load events) with no personally identifiable information.
Security: All analytics data is pseudonymized prior to transfer; PostHog maintains SOC 2 Type II compliance and supports data deletion upon request.

Customers may request notice of updates to this list by contacting support@impruve.com.
Impruve will post all material changes to this page with an updated revision date.