What You Get Use Cases Integrations Customers Blog In-App UX Inspiration File Video Hub Pricing
Try it now

Existing customer? Sign in

Dashboard

Subprocessors

How we keep your data safe and our systems reliable

Summary

Chameleon meets Global Data Privacy standards and is compliant with regulations such as EU GDPR, CCPA and others. This page lists our subprocessors and service providers ("vendors") who may process personal data on behalf of Chameleon and our customers.

For more information:

  • Review our overall security practices and posture here
  • Read more about our GDPR compliance here
  • Email our security team
  • Stay informed about changes via the Security & Privacy Notifications field under Account Settings in your Dashboard

Last Updated: August 2025

Chameleon uses best-in-class products to help us deliver the best functionality and user experience for our customers. Here we outline the vendors we use, their purpose, and what data they may process:

Product infrastructure

Fastly (US-based)

Fastly is a content delivery network that serves as the endpoint for all of our customer-facing APIs and JavaScript delivery. Processes IP addresses and technical identifiers for performance optimization.

Learn about Fastly's GDPR compliance here and its Privacy Policy here.

Heroku (US-based)

Heroku is a cloud platform hosting our application infrastructure. Processes user account data, authentication information, and application usage data necessary for service delivery.

Learn about Heroku's GDPR compliance here and its Privacy Policy here.

MongoDB (US-based, with EU data residency options)

MongoDB is our database provider storing all Chameleon data. Processes customer account information, tour configurations, user interaction data, and analytics as our primary data store.

Learn about MongoDB's GDPR compliance here and its Privacy Policy here.

OpenAI (US-based)

OpenAI powers AI-based features like A/B testing optimization and copy improvement. Processes content data and user preferences when customers actively use these features.

Learn about OpenAI's privacy practices here.

WorkOS (US-based)

WorkOS manages SSO connections for enterprise customers. Processes authentication data and user provisioning information for customers using SSO.

Learn about WorkOS's GDPR compliance here and its Privacy Policy here.

Amazon Web Services (US-based)

AWS hosts parts of the Chameleon platform and stores assets and data. It may process application data (e.g., account metadata, configuration, uploaded assets) and technical logs/identifiers as needed to operate and secure the service.

Learn about AWS’s GDPR posture here and its Privacy Notice here.

Business infrastructure

Tools that support our operations and may process customer data for support, billing, or business intelligence purposes.

Airtable (US-based)

Airtable stores customer support data, bug reports, and issue tracking information. Processes customer contact details and technical support data.

Learn more about Airtable's Security posture here and review its Privacy Policy here.

Anthropic (US-based)

Anthropic products including Claude and APIs are used for workflow automations. Processes operational data and may process customer communications for support automation.

Learn about Anthropic's regulatory compliance here and its Privacy Policy here.

DocuSign (US-based)

DocuSign manages contract execution with enterprise customers. Processes contact information and contract data for customers requiring formal agreements.

Learn about DocuSign's GDPR compliance here and its Privacy Policy here.

Fathom (US-based)

Fathom records and transcribes customer calls when explicitly consented to. Processes voice data, meeting recordings, and participant information for support and communication improvement.

Learn more about Fathom's Security posture here and review its Privacy Policy here.

HubSpot (US-based)

HubSpot is our CRM system tracking customer relationships and account health. Processes customer contact information, company data, usage analytics, and communication history.

Learn about HubSpot's Privacy Policy here.

Linear (EU-based)

Linear manages product development and customer issue tracking. Processes customer identifiers and support request data when issues are linked to specific accounts.

Learn more about Linear's Security posture here and review its Privacy Policy here.

Pipedream (US-based)

Pipedream automates data workflows between systems. Processes customer billing data, usage events, and system integration data in automated workflows.

Learn about Pipedream's Security and Privacy here.

Synder (UK-based)

Synder connects billing data to accounting systems. Processes customer billing information and transaction data for financial reporting.

Learn about Synder's Security and Compliance here and view its Privacy Policy here.

Stripe (US-based, with EU data processing)

Stripe handles all payment processing. Processes customer payment information, billing details, and transaction data with industry-leading security standards.

Learn about Stripe's GDPR compliance here and its Privacy Policy here.

Zapier (US-based)

Zapier creates automated workflows between systems. Processes customer event data, support tickets, and system notifications for operational efficiency.

Learn more about Zapier's Security posture here and review its Privacy Policy here.

Data analytics

Bugsnag (UK-based)

Bugsnag provides error monitoring and crash reporting. Processes technical error data and user session information to identify and resolve application issues.

Learn about Bugsnag's security practices and compliance here and its Privacy Policy here.

Dreamdata (EU-based)

Dreamdata tracks marketing attribution and customer journey analytics. Processes website visitor data, lead information, and conversion events for marketing analysis.

Learn about Dreamdata's GDPR compliance here and its Privacy Policy here.

Hotjar (EU-based)

Hotjar provides website analytics and session replay for chameleon.io. Processes website visitor behavior, IP addresses, and user interaction data for website optimization.

Learn about Hotjar's GDPR compliance here including its Privacy Policy.

Mixpanel (US-based)

Mixpanel tracks product usage analytics. Processes aggregated usage data and feature interaction metrics. Customer end-user data is not directly shared with Mixpanel.

Learn about Mixpanel's GDPR compliance here and its Privacy Policy here.

New Relic (US-based)

New Relic provides application performance monitoring. Processes technical performance data, error logs, and system metrics for application optimization.

Learn about New Relic's security program here and its Privacy Policy here.

Twilio Segment (US-based)

Segment serves as our customer data platform, routing analytics data to other tools. Processes user interaction data, customer identifiers, and event data as a data pipeline.

Learn about Segment's GDPR compliance here and its Privacy Policy here.

Communications and Personalization

Chili Piper (US-based)

Chili Piper automates meeting scheduling for sales prospects. Processes contact information and calendar data for prospects requesting demos or meetings.

Learn about Chili Piper's security practices here and its Privacy Policy here.

Customer.io (US-based)

Customer.io manages email communications with customers. Processes customer email addresses, account information, and communication preferences for product updates and announcements.

Learn about Customer.io's GDPR compliance here including its Privacy Policy.

Intercom (US-based, with EU data residency options)

Intercom powers our customer support platform. Processes customer contact information, support conversations, help article usage, and account data for customer service.

Learn about Intercom's GDPR compliance here and find its Privacy Policy here.

Mutiny (US-based)

Mutiny provides website personalization for chameleon.io visitors. Processes website visitor data, behavioral patterns, and IP addresses for content optimization.

Review Mutiny's Privacy Policy here.

Postmark (US-based)

Postmark delivers transactional emails including login links and team invitations. Processes customer email addresses and authentication data for email delivery.

Learn about Postmark's GDPR compliance here including its Privacy Policy.

Slack (US-based)

Slack serves as our internal communication platform and receives automated notifications about customer events, usage patterns, and support issues for internal operations.

Learn about Slack's GDPR compliance here and its Privacy Policy here.

Unify GTM (US-based)

Unify GTM provides go-to-market orchestration using intent signals and AI for pipeline development. Processes prospect data and engagement patterns for sales optimization.

Learn about Unify GTM's security and compliance here and its Privacy Policy here.

Advertising and Marketing

Google Ads (US-based, with global data processing)

We use Google Ads tracking to display relevant ads to website visitors across Google platforms. Processes website visitor data, IP addresses, and behavioral data for advertising targeting.

Learn about Google's GDPR compliance here and its Privacy Policy here.

You can manage Google's ad settings here.

Meta (Facebook) (US-based, with global data processing)

We use Meta's advertising platform to show ads to website visitors on Facebook and Instagram. Processes website visitor data and behavioral patterns for advertising targeting.

Learn about Meta's GDPR compliance here and its Privacy Policy here.

You can control Facebook's personalized ads here.

LinkedIn (US-based)

We use LinkedIn's advertising platform to display ads to website visitors on LinkedIn. Processes website visitor data and professional engagement patterns for advertising targeting.

Learn about LinkedIn's privacy practices here and how to control personalized ads here.

More information