What You Get Use Cases Integrations Customers Blog In-App UX Inspiration File Video Hub Pricing
Try it now

Existing customer? Sign in

Dashboard

Subprocessors

How we keep your data safe and our systems reliable

Summary

Chameleon meets Global Data Privacy standards and is compliant with regulations such as EU GDPR, CCPA and others. Accordingly we publish our list of subprocessors and service providers ("vendors") below.

For more information:

  • Review our overall security practices and posture here
  • Read more about our GDPR compliance here
  • Email our security team
  • Stay informed about changes via the Security & Privacy Notifications field under Account Settings in your Dashboard

Last Updated: July 2025

Chameleon uses best-in-class products to help us deliver the best functionality and user experience for our customers. Here we outline the vendors we use and their purpose:

Product infrastructure

Fastly

Fastly is a content delivery network that serves as the endpoint for all of our customer-facing APIs, where our JavaScript is loaded from, and where responses are cached for subsequent re-use.

Learn about Fastly's GDPR compliance here and its Privacy Policy here.

Heroku

Heroku is a cloud platform to host and deploy our application code (the basis of the Chameleon software application). This serves as the infrastructure that allows us to log you into the correct account or show you the correct colors when you add a particular HEX code, etc.

Learn about Heroku's GDPR compliance here and its Privacy Policy here.

MongoDB

MongoDB is our database provider, where we store all data associated with Chameleon. This holds the information about the configuration of a tour you created or the history of what a user has seen (to ensure they don't see it again). It's our source of truth and a key component in allowing Chameleon to function.

Learn about MongoDB's GDPR compliance here and its Privacy Policy here.

OpenAI

OpenAI is a tool for using and running AI-based workflows. Chameleon's customers indirectly interact with OpenAI when they use Chameleon's AI features such as A/B testing, copy improvement, etc.

Learn about OpenAI's GDPR compliance here and its Privacy Policy here.

WorkOS

WorkOS is a tool for managing SSO connections for our customers. Customers use the WorkOS portal to configure their connection details and provisioning connection.

Learn about WorkOS's GDPR compliance here and its Privacy Policy here.

Business infrastructure

Tools that are key for us operating the company and enabling the product and other teams.

Airtable

Airtable is a collaborative relational database, spreadsheet, and automation platform that we use for capturing bugs data, and tracking progress of issues, alongside other (non-subprocessor) use cases.

Learn more about Airtable's Security posture here and review its Privacy Policy here.

Anthropic

Anthropic products including Claude, Claude Code, and APIs are used as part of workflow automations.

Learn about Anthropics's regulatory compliance here and its Privacy Policy here.

DocuSign

DocuSign is our contract management tool, which we use to collect e-signatures in contracts with our larger customers.

Learn about DocuSign's GDPR compliance here and its Privacy Policy here.

Fathom

Fathom is a call recording tool that we use alongside Google Meet or Zoom to record, transcribe, highlight, clip calls etc. This help us efficiently follow-up after calls, share relevant insights with others, and support improvements in how we communicate.

Learn more about Fathom's Security posture here and review its Privacy Policy here.

HubSpot

HubSpot is our CRM tool where we track companies interested in purchasing Chameleon and review customer health. We pass data about key events and attributes about customers and companies into this system of record to help us know who to contact, about what, and when.

Learn about HubSpot's Privacy Policy here.

Linear

Linear is a product development tracking and management software; we use this for planning product updates and managing issues (including attaching customer data to those these issues affect).

Learn more about Linear's Security posture here and review its Privacy Policy here.

Pipedream

Pipedream is a platform for automating interactions with APIs and running code in a serverless environment. Chameleon uses Pipedream to automate invoice-based billing, respond to changes in our various systems, and move data around to other relevant systems.

Learn about Pipedream's Security and Privacy here.

Synder

Synder is a piping tool that helps connect Stripe (billing) data into Quickbooks (our financial accounting platform) and so helps us run accounting and revenue analytics.

Learn about Synder's Security and Compliance here and view its Privacy Policy here

Stripe

Stripe is our credit card and payment processing platform. Stripe handles all the sensitive credit card and account information on our behalf so we can rely on their super-secure system and keep your data safe.

Learn about Stripe's GDPR compliance here and its Privacy Policy here.

Zapier

Zapier is a platform for creating manual integrations and automations; Chameleon uses it for routing data between different systems (e.g. support tickets sent from Intercom to Slack) to improve our ability to respond, analyze, communicate etc.

Learn more about Zapier's Security posture here and review its Privacy Policy here.

Data analytics

Dreamdata

Dreamdata is our tool for connecting website visits and inbound leads to new customers and revenue, helping us calculate attribution and better understand which of our marketing campaigns and channels are preferred by users.

Learn about Dreamdata's GDPR compliance here and its Privacy Policy here.

Hotjar

Hotjar is a website analytics and session replay product that helps us see clearly what actions our website visitors take and where they might get stuck or confused. This alerts us to issues that we can resolve.

Learn about Hotjar's GDPR compliance here including its Privacy Policy.

Mixpanel

Mixpanel is an analytics platform that helps us understand what parts of our product users are engaging with. We also track overall tour data by account (e.g., how many tours were started on a certain domain). We don't collect or see any user attribute data you are sending to Chameleon here.

Learn about Mixpanel's GDPR compliance here and its Privacy Policy here.

Twilio Segment

Segment is an API hub; in addition to our database, we send all user interaction and analytics data through Segment and then onwards to other vendors.

Learn about Segment's GDPR compliance here and its Privacy Policy here.

Communications and Personalization

Customer.io

Customer.io helps us manage our email communication (such as feature announcements or blog updates) with our customers.

Learn about Customer.io's GDPR compliance here including its Privacy Policy.

Intercom

Intercom helps us manage our support (tickets and help articles) with our customers. Intercom also supplements our customer data from other sources, and you can read more about this here.

Learn about Intercom's GDPR compliance here and find its Privacy Policy here.

Mutiny

Mutiny is a website AB testing and personalization tool that we use to adapt the web content (on chameleon.io) that appears to visitors (to make it more relevant and effective).

Review Mutiny's Privacy Policy here

Postmark

Postmark is a transactional email management platform. We use it to send emails such as magic login links or when you invite your colleagues to Chameleon.

Learn about Postmark's GDPR compliance here including its Privacy Policy.

Slack

Slack is our internal communications platform (instead of email) and also contains a stream of events that our customers are taking, such as payments, errors, usage, and tickets. This helps everyone know about issues to respond to quickly and provides us a clearer idea of what's happening "in the wild."

Learn about Slack's GDPR compliance here and its Privacy Policy here.

Advertising // review this

AdWords by Google

We use AdWords pixel (cookie) to enable us to show visitors to our website ads about Chameleon and our content on the Google platform. This helps remind prospective customers about Chameleon's value and helps us grow our business.

Learn about AdWords' GDPR compliance here and its Privacy Policy here.

You can learn how to manage Google's ads here.

Facebook (Meta)

We use Facebook pixel (cookie) to enable us to show visitors to our website ads about Chameleon and our content on the Facebook platform. This helps remind prospective customers about Chameleon's value and helps us grow our business.

Learn about Facebook's GDPR compliance here and its Privacy Policy here.

You can learn how to turn off Facebook's personalized ads here.

Twitter

We use Twitter pixel (cookie) to enable us to show visitors to our website ads about Chameleon and our content on the Twitter platform. This helps remind prospective customers about Chameleon's value and helps us grow our business.

Learn about Twitter's GDPR compliance here and its Privacy Policy here.

You can learn how to turn off Twitter's personalized ads here.

Supplementary tools

Calendly // is this really a subprocessor?

Calendly is our meeting scheduling service, helping us find time to talk to our customers and prospects for demo calls, webinars, troubleshooting meetings, etc., which require registration.

Learn about Calendly's Privacy Policy here.

Typeform // is this really a subprocessor?

Typeform is our forms and surveys tool, utilized when gathering ad-hoc customer feedback or for job applications. Chameleon also has a Typeform integration, allowing customers to show Typeform surveys to their customers in-app.

Learn about Typeform's GDPR compliance here and its Privacy Policy here.

Zoom // is this really a subprocessor?

Zoom is used as video conferencing platform in certain support cases.

Learn about Zoom's GDPR compliance here and its Privacy Policy here.

More information