At Blockit, we are committed to earning and maintaining your trust by protecting your data and being transparent about how it’s handled. As part of delivering our scheduling services, we engage with a limited number of trusted third-party service providers (subprocessors) who process customer data on our behalf.
This document outlines our policies and practices related to subprocessors.
A subprocessor is any third-party vendor that processes personal data on behalf of Blockit in order to help us deliver, improve, or secure our services. This may include infrastructure hosting, email delivery, analytics, AI model orchestration, and authentication tools.
We require all subprocessors to meet rigorous standards for data security, privacy, and compliance. Before onboarding any new subprocessor, we evaluate:
We maintain an up-to-date Subprocessor List detailing:
You can view our full subprocessor list here.
Render Sees and stores scheduling data Our primary hosting provider. Most of our core infrastructure, including API services and databases, is hosted on Render in U.S.-based regions.
Amazon Web Services (AWS) Backup hosting provider. Sees and stores scheduling data Used for backup and redundancy across compute and storage services.
Google Cloud Platform (GCP) Backup hosting provider. Sees and stores scheduling data Used for select secondary infrastructure tasks. All workloads are U.S.-based.
Microsoft Azure Backup hosting provider. Sees and stores scheduling data Used for limited failover and regional redundancy.
PostgreSQL (via Render/AWS) Sees and stores user and scheduling data Structured data (e.g. users, availability preferences, booking history, scheduling messages) is stored in managed PostgreSQL instances.
Slack Sees scheduling requests and message context Used to collect scheduling prompts within Slack conversations. Blockit only accesses messages where it is explicitly invoked.
Postmark Sees message content and recipient emails Used to send transactional emails (e.g. booking confirmations, reminders). No calendar or prompt logic is processed in Postmark.
WorkOS Sees user metadata (name, email) Used for enterprise authentication and single sign-on (SSO).
Front Sees message content and sender metadata Used to manage support inboxes and collaborate on customer support and customer service requests. We may use Front to reference customer message data for non-private customers.
OpenAI Sees scheduling prompt content Used to interpret scheduling messages and generate human-like responses or availability suggestions. Contractually prohibited from training on user data.
Anthropic Sees scheduling prompt content Used to interpret scheduling messages and generate human-like responses or availability suggestions. Contractually prohibited from training on user data.
Vellum Sees prompt content and model configuration metadata Used to orchestrate prompt templates, route model calls, and monitor model outputs.
TensorZero Sees prompt content and model configuration metadata Used to manage prompt templates, route model calls, and observe LLM performance. Functions as our orchestration and observability layer for AI workloads.
Amplitude Sees product usage event data (not scheduling content) Used to track engagement and optimize user experience.
Datadog Sees system logs, no prompt content Used for infrastructure monitoring, alerts, and performance dashboards.
Sentry Sees error logs, no explicit prompt content Used to capture and triage backend and frontend application errors.
Better Stack Sees uptime metrics, no user content Used for uptime and health monitoring of our infrastructure.
Honeycomb Sees application traces and performance data Used for observability and system debugging.
Stripe Sees user billing info (name, email, payment method) Used to securely process payments and store payment information. Stripe is PCI-DSS compliant.
Google Workspace Used for internal collaboration (Docs, Sheets, Gmail). Occasionally used to discuss customer feedback internally.
Notion Used for internal documentation and project tracking. Occasionally used to discuss customer feedback internally.
Linear Used for engineering ticketing and product planning. May include references to customer requests or support messages when tracking and resolving incidents.
These tools may reference support issues or user feedback, but do not store or process raw scheduling data unless it is explicitly shared by the user or the user does not have privacy mode enabled.
For questions about our data practices or security posture, please contact us at [email protected].