Subprocessors
Third-party services that process customer data on ConvynHQ's behalf.
Last updated: 2026-07-06
Effective date: July 6, 2026
Purpose
This document lists the third-party service providers ("Subprocessors") that ConvynHQ LLC ("ConvynHQ") engages to process personal information on behalf of its customer organizations in connection with the ConvynHQ platform (the "Service").
ConvynHQ uses each Subprocessor for a defined operational purpose, under written contract, and subject to confidentiality obligations and security commitments at least as protective as those ConvynHQ has agreed to provide to its customers. ConvynHQ does not use any Subprocessor for advertising, marketing, or for any purpose unrelated to providing the Service.
Current Subprocessors
As of the Effective Date above, ConvynHQ engages the following Subprocessors:
Database, authentication, file storage
Customer accounts, end-user records (volunteer signups, hours, teams), customer-uploaded files, application logs.
United States (AWS, us-east-1 by default)
Payment processing (ConvynHQ subscription billing + Stripe Connect)
Subscription payment method and billing details (handled by Stripe directly); end-user payment-transaction metadata for customer-initiated transactions; customer name and billing email.
United States
Transactional and notification email delivery
Recipient name and email; message content (signup confirmations, event reminders, team-leader manager links, internal-team notifications).
United States
Application hosting and content delivery
Request metadata (IP address, user agent, page visited) used for routing, rate-limiting, and security monitoring. No application data stored at rest on Vercel.
Multi-region (global CDN; primary US)
Application error monitoring and uptime tracking
Error stack traces, browser metadata (URL, user agent), and the user_id of the affected ConvynHQ staff or volunteer account at the time of the error. No customer-uploaded content or end-user records are sent to Sentry.
United States
Two use cases, each engaged only for customer organizations that have enabled the relevant feature: (1) Outbound voice calling for Advocacy Pro phone banking (click-to-dial), and (2) Automated SMS event reminders (the paid SMS Reminders add-on) sent to end users who have explicitly opted in on the customer's public event signup page.
Phone-banking calls: the phone number of the contact being called (provided by the customer organization's staff via uploaded call list), the phone number of the staff member placing the call, call duration, and call status. ConvynHQ does not record call audio. SMS reminders: the destination phone number of the opted-in end user, the outgoing reminder message text (which identifies the customer organization and the event), delivery metadata (status, timestamps, error codes), and the content of any inbound STOP/HELP-style reply used to manage opt-out. Mobile phone numbers and opt-in status are not shared with third parties for marketing purposes.
United States
Convert end-user street addresses into congressional and state legislative district numbers for the Officials Lookup feature (Advocacy tier).
Street address, city, state, and ZIP code submitted by the end user when taking an advocacy action or used by staff via the Officials Lookup tool. Addresses are sent to the Geocoder service over HTTPS; no personally identifying information beyond the address itself is transmitted.
United States (federal government infrastructure)
Retrieve current U.S. Senate and U.S. House member information by district, and federal bill summaries and actions, for the Advocacy module.
District numbers (derived from address lookups) and bill identifiers searched by the customer organization. No end-user identifying information is transmitted.
United States (federal government infrastructure)
Retrieve state legislator information by district for the Officials Lookup feature.
District numbers (derived from address lookups). No end-user identifying information is transmitted.
United States
Bill keyword search for the Tracked Bills feature in the Advocacy module.
Search keywords entered by the customer organization's staff. No end-user identifying information is transmitted.
United States
Enrich Officials Lookup results for the Advocacy module with publicly listed Congressional office contact information (phone, contact-form URL, DC office address).
No personal data of customer organization staff or end users is transmitted. ConvynHQ fetches a single public JSON snapshot of all sitting members of Congress and caches it server-side.
United States (open-source data hosted on Cloudflare)
Notification of changes
ConvynHQ updates this list when Subprocessors are added, removed, or replaced. Customers who have signed a Data Processing Agreement with ConvynHQ will receive notice prior to a new Subprocessor being engaged, and may object on data-protection grounds within the timeframe set out in the Data Processing Agreement. All other customers should consult this page for the current list.
To subscribe to email notification of Subprocessor changes, contact privacy@convynhq.com.
Stripe-related disclosure
When a customer organization uses Stripe Connect to accept payments from its own end users (for tickets, tables, or donations), end-user payment data flows directly to the customer organization's connected Stripe account. ConvynHQ does not receive, store, transmit, or process payment card numbers. In that flow, Stripe operates under the customer organization's own agreement with Stripe.
Hosting and infrastructure
The Service is hosted in the United States on infrastructure operated by the Subprocessors above. Customers seeking specific data-residency commitments should contact privacy@convynhq.com to discuss available options.
Contact
Questions about ConvynHQ's Subprocessors and our data-protection program can be sent to privacy@convynhq.com.
For details on how we use the data each Subprocessor handles, see the Privacy Policy. For our security posture and incident response, see the Security page.