Sub-processors
Effective: June 3, 2026 · Last updated: June 3, 2026
MantisOps engages the following third-party service providers ("sub-processors") to deliver the Services. Each sub-processor is bound by contract to process customer data only as necessary to provide their service and in line with applicable data-protection law.
Notification of changes. We will notify you by email at least 30 days before adding a new sub-processor that processes customer-identifying data. This page is the authoritative source for the current list — bookmark it or subscribe at
legal@mantisops.net.
Infrastructure
| Sub-processor | Purpose | Data location | Privacy |
|---|
| Cloudflare, Inc. |
Compute (Workers), database (D1), object storage (R2), DNS, CDN, DDoS protection — the entire platform runs on Cloudflare |
Global (US, EU) |
Policy |
Billing
| Sub-processor | Purpose | Data location | Privacy |
|---|
| Stripe, Inc. |
Subscription billing, payment processing, customer portal |
US |
Policy |
Customer support
| Sub-processor | Purpose | Data location | Privacy |
|---|
| HubSpot, Inc. |
Customer support ticketing, live chat, contact management |
US (with EU/UK options for enterprise) |
Policy |
Communications
| Sub-processor | Purpose | Data location | Privacy |
|---|
| Resend |
Transactional email delivery (activation, password reset, billing notifications) |
US |
Policy |
| Microsoft (Graph API) |
Administrative email send-as for support@mantisops.net |
US |
Policy |
| Slack Technologies, Inc. |
Internal alerting for new signups, subscription events, and critical errors. Customer-identifying data limited to email + company name on signup events. |
US |
Policy |
Reference data (public APIs we query, no customer data sent)
| Source | Purpose |
|---|
| NVD (NIST) | CVE / vulnerability metadata for Mantis360 scans |
| EPSS (FIRST) | Exploit Prediction Scoring System data |
| MSRC | Microsoft security update metadata |
| HIBP Pwned Passwords (k-anonymous) | Password breach check on user signup (only first 5 hex chars of SHA-1 sent — your password never leaves the worker) |
| api.qrserver.com | QR-code generation for MFA enrollment (TOTP secret never sent — only the otpauth:// URI) |
Past sub-processors
None at this time.
← Back to MantisOps