MuchSkills relies on a carefully selected group of subprocessors to deliver our service securely, efficiently, and in compliance with global data protection standards.
We are transparent about which third-party providers we use, what their roles are, and where they process data. This list is regularly reviewed and updated as our infrastructure and services evolve.
Below is a list of our key subprocessors, including their role, location, and data interaction scope:
| Name | Purpose | Location | Notes |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting infrastructure | Stockholm, Sweden | Primary hosting provider; ISO 27001, SOC 2 certified |
| MongoDB Atlas | Database and encryption services | Stockholm, Sweden | Encrypted-at-rest database; SOC 2, ISO 27001, HIPAA certified |
| Forest Admin | Internal admin interface | EU-based | Self-hosted; Forest has partial access to internal UI layer |
| OpenAI | AI-based skill suggestion (no personal data) | United States | Only anonymized or aggregated data sent; SCCs in place |
| Stripe | Payment processing | EU/US | Customer billing data; PCI DSS certified |
| ActiveCampaign | Email onboarding & marketing automation | Dublin, Ireland | Only used when users opt-in to communication |
| Intercom | Customer support & in-app chat | EU (AWS - Ireland) | End-user support contact information (name/email) |
| Google Workspace | Internal email and file storage | EU-based servers | Communications and support documentation |
| HubSpot | CRM and client onboarding (B2B only) | EU/US | GDPR and CCPA compliant; no end-user data processed |
For security documentation, audit support, or clarification about our subprocessors, contact us at [email protected]. We're happy to support your compliance process.