A short list, by design.
WoneSuite runs a sovereign, self-hosted stack — our database, application, analytics, email, and geo-lookup are all our own. That keeps our sub-processor list deliberately minimal, and this page tells you exactly who we rely on and how you're notified when that changes.
At a glance
The short version — before the fine print
Self-hosted by design
Our database, application server, website analytics, email delivery, and geo-lookup all run on our own stack — not outsourced to third parties.
Minimal sub-processors
Because we self-host the core, the only sub-processor we depend on is the cloud infrastructure provider that supplies the servers we run on.
You're notified of changes
We publish sub-processor changes here and offer a way to be notified before a new sub-processor begins processing your data.
Vetted under contract
Any sub-processor we engage is bound by data-protection terms and used only to deliver the service — never for their own purposes.
This summary is for convenience only and does not replace the full text below.
Introduction & Our Sovereign Approach
A sub-processor is a third party WoneSuite engages to help process personal data on behalf of the businesses that use our platform. This page lists them, explains what they do, and describes how we keep the list as short as possible.
WoneSuite is built on a deliberately sovereign, self-hosted stack. Rather than stitching together a dozen external services — one for the database, another for analytics, another for email, another for geo-lookup — we run these ourselves on infrastructure we control. That architecture is not just an operational preference; it is a privacy decision. Every service we do not outsource is one less third party with a path to your data.
A lean sub-processor list is a feature, not a footnote. The fewer parties involved in processing your data, the smaller the surface area for exposure — and the easier it is for you to reason about where your data lives.
What a Sub-processor Is
When you use WoneSuite to process your business, customer, or employee data, you are the controller and WoneSuite acts as your processor. If we, in turn, rely on another company to help us deliver the service — for example the provider of the physical servers our platform runs on — that company is our sub-processor.
Sub-processors act only on our documented instructions, under contractual data-protection terms, and only to the extent needed to run the service. They are not permitted to use your data for their own purposes.
This page concerns sub-processors we engage as part of operating WoneSuite. It does not cover third parties a tenant chooses to connect on their own — those are described separately in the "Tenant-Initiated Third Parties" section below.
What We Self-Host — So It's Not Outsourced
The single biggest reason our sub-processor list is short is that we run the core of the platform ourselves. The following are self-hosted on our own infrastructure and are therefore not handed to any third party:
3.1 Run on WoneSuite's own stack
- PostgreSQL database — where your workspace data lives
- The application server — the platform runtime itself
- First-party website analytics — no third-party tracker
- Email delivery — sent from our own infrastructure
- IP geo-lookup — country derived on our own servers from public allocation data
- Authentication, session, and audit systems
We do not use a third-party analytics vendor, a third-party email service, or a third-party geo-IP vendor. These are built into WoneSuite and operated by us.
Our Sub-processors
Because we self-host the core services above, WoneSuite depends on a minimal set of sub-processors — principally the cloud infrastructure provider that supplies the compute, storage, and network our self-hosted stack runs on.
| Sub-processor | Purpose | Data processed | Location |
|---|---|---|---|
| Cloud infrastructure (hosting) provider | Compute, storage & network for the platform | All platform data hosted on our servers | Disclosed on request |
A current, specific list — including the provider's identity and processing region — is available on request at privacy@wonesuite.com. We keep the public entry generic here and disclose specifics directly so the list stays accurate as our infrastructure evolves.
We will update this page, and provide a mechanism for you to be notified, before any new sub-processor begins processing your data.
Tenant-Initiated Third Parties
Separately from the sub-processors we engage, a tenant may choose to connect optional integrations to their own workspace. When you do, the third party is engaged at your direction and governed by that third party's own terms and privacy policy — not by our sub-processor commitments. These are your choices, not our sub-processors:
- Search-console connections
- Advertising pixels & conversion APIs
- Payment methods you connect
- Custom-domain DNS providers
For these tenant-initiated integrations, you are responsible for your own lawful basis and for the data you send to the connected provider. WoneSuite passes only what you configure and does not add these providers to our own sub-processor list.
International Transfers & Safeguards
Depending on where our infrastructure provider hosts the servers we run on, your data may be processed or stored in a country other than your own. Where personal data is transferred internationally, we apply appropriate safeguards.
- Data-processing agreements with our sub-processor
- Standard contractual clauses where required
- Encryption in transit
- Database-level tenant isolation (row-level security)
- Least-privilege access controls
The processing region applicable to your workspace is part of the current sub-processor detail we disclose on request.
Notification of Changes & How to Object
We keep this page current. When we intend to add or replace a sub-processor, we will update this page and give affected tenants a way to be notified before the new sub-processor begins processing personal data.
- 1We publish the intended change on this page.
- 2We notify tenants who have subscribed to sub-processor change notices, via the mechanism we provide.
- 3You have an opportunity to review and, where you have a reasonable data-protection objection, raise it with us before processing begins.
- 4If a concern cannot be resolved, you may exercise the remedies set out in your agreement with us.
To subscribe to sub-processor change notifications, or to raise an objection, contact us at privacy@wonesuite.com.
Due Diligence
Before we engage a sub-processor, and on an ongoing basis afterward, we assess it against our privacy and security requirements. Our approach is intentionally conservative — we would rather self-host than add a party we cannot stand behind.
- Contractual data-protection terms
- Purpose limitation — used only to deliver the service
- Security and access-control review
- Data-location and transfer assessment
- Periodic reassessment
- Independent security oversight before changes go live
No system can guarantee absolute security, but binding our sub-processors under contract and keeping their number small is a core part of how we reduce risk.
Contact Us
For the current sub-processor list, to subscribe to change notifications, or to ask any question about how we engage third parties, contact us at privacy@wonesuite.com. We take every request seriously and aim to respond promptly.
WoneSuite Privacy
Want the current sub-processor list, or to be notified before it changes? Reach our privacy team directly.
Fewer parties. More confidence.
The less of your data we hand to anyone else, the more of it stays exactly where you put it — inside a platform we build and run ourselves.

