Each one is bound by a data-processing agreement with protections no weaker than the commitments in our own Data Processing Addendum, and none of them ever receives raw PII in the clear — the PII boundary tokenizes identifiers before any document leaves Barkrow infrastructure.
- I
Current subprocessors
Subprocessor Purpose What it processes Location Microsoft Azure Cloud hosting, compute, and document storage; PDF extraction (Azure Document Intelligence) Customer documents and account data, tenant-isolated United States (EU regions on Enterprise) Cloudflare Edge delivery, DNS, and web application firewall Network traffic, request metadata Global edge WorkOS Authentication and single sign-on Account identifiers, authentication data United States Model inference provider Language-model reconciliation Tokenized document text only — never raw PII United States Transactional email provider Account, security, and service emails Recipient email address and message content United States - II
How we manage this list
Vetting. Before we engage a subprocessor, we review its security posture, data-handling practices, and certifications, and we put a data-processing agreement in place.
Notice and objection. We give advance notice before adding or replacing a subprocessor. Customers may subscribe to change notifications and, as described in the DPA, object on reasonable data-protection grounds.
Responsibility. We remain responsible to you for any subprocessor’s performance of these obligations.
- III
Stay notified
To receive notice of changes to this list, write to legal@barkrowsystems.com and ask to be added to subprocessor change notifications.
Questions? Write to legal@barkrowsystems.com.