Sub-processors
Task engages a limited set of sub-processors to operate and deliver the Services. This page lists each current sub-processor, the purpose for which they are engaged, the categories of Customer Data they may process, the location of processing, and a link to the sub-processor's published data processing terms.
Last updated: May 2026
Current sub-processors
| Sub-processor | Purpose | Data processed | Location | Data processing terms |
|---|---|---|---|---|
| Google Cloud Platform | Cloud infrastructure: compute, database, object storage, message queueing, and logging | All Customer Data hosted on the Services | United States (us-central1) | cloud.google.com/terms/data-processing-addendum |
| Anthropic | Foundation model AI services (primary) | Prompts and Customer Data submitted for AI processing | United States | anthropic.com/legal/commercial-terms |
| OpenAI | Foundation model AI services (alternate) | Prompts and Customer Data submitted for AI processing | United States | openai.com/policies/data-processing-addendum |
| Google (Gemini / Vertex AI) | Foundation model AI services (alternate) | Prompts and Customer Data submitted for AI processing | United States | cloud.google.com/terms/data-processing-addendum |
| Portkey | LLM gateway and routing between Task and foundation model providers | Prompts and AI responses in transit | United States | portkey.ai/dpa |
| Firebase | Authentication and identity management | User identity data, authentication tokens, session metadata | United States | cloud.google.com/terms/data-processing-addendum |
| Mailgun | Transactional email delivery (authentication links and platform notifications) | Recipient email addresses and email content | United States | mailgun.com/legal/dpa/ |
| Sentry | Application error tracking and monitoring | Error data, stack traces, and incidental references to user identifiers contained in error context | United States | sentry.io/legal/dpa/ |
Google Cloud Platform
Anthropic
OpenAI
Google (Gemini / Vertex AI)
Portkey
Firebase
Mailgun
Sentry
Notification of changes
Task provides Customers with thirty (30) days' written notice before engaging any new sub-processor that will process Customer Data. Customers may object to a new sub-processor on reasonable data protection grounds; the parties will discuss the objection in good faith, and if unresolved, the Customer may terminate the affected Services and receive a pro-rata refund of prepaid Fees as set out in the Master Service Agreement.
To subscribe to sub-processor change notifications, please contact security@taskeng.ai.
International transfers
All current sub-processors are headquartered in the United States, and Customer Data is processed in the United States. Where Customer Data subject to the GDPR or UK GDPR is transferred to sub-processors outside the EEA, UK, or Switzerland, Task and its sub-processors rely on the European Commission's Standard Contractual Clauses, incorporated by reference through the relevant Data Processing Addenda. Where applicable, Task and its sub-processors additionally rely on the EU-U.S. Data Privacy Framework and its UK and Swiss extensions for transfers to certified U.S. recipients.
Categories of Customer Data processed
The categories of Customer Data processed by sub-processors are as set out in the Data Processing Addendum: names, job titles, organizational data, role and task information, and content submitted by Customer or its Authorized Users.
Task does not knowingly submit special categories of personal data (as defined in GDPR Article 9) or children's data to the Services or to any sub-processor.
This page summarizes Task's current sub-processor engagements for general informational purposes. The authoritative description of Task's sub-processor obligations to a given Customer is set out in the Master Service Agreement, the Data Processing Addendum, and any Customer-specific addenda between Task Engineering, Inc. and that Customer.