Legal
Sub-processors
Effective: 9 May 2026
Overview
Obsidian Dynamics Limited engages the third parties listed below to host and operate the Blackglass service. Each receives only the data it needs to perform the function described, and is bound by a written data processing agreement aligned with UK GDPR / EU GDPR requirements.
The full legal terms — including roles (controller / processor), security obligations, breach notification, deletion, and international transfers — are in our Data Processing Addendum. Categories of personal data and lawful bases are detailed in the Privacy Policy.
Current sub-processors
| Name | Purpose | Data categories | Region |
|---|---|---|---|
| DigitalOcean, LLC | Cloud infrastructure: App Platform (web + workers), Managed Postgres, Managed Redis, Spaces (S3-compatible) for evidence storage. | Account metadata, host telemetry, baseline snapshots, drift events, evidence bundles, audit log entries, transactional logs. | United States and European Union (configurable per workspace) |
| Clerk, Inc. | Authentication, organisation / workspace membership, SAML SSO, SCIM 2.0 provisioning, MFA enforcement. | User identifiers (name, email), organisation membership, session events, authentication metadata. | United States (SCCs in place) |
| Stripe, Inc. | Payment processing, subscription billing, customer portal. | Billing email, Stripe customer ID, subscription status, payment method metadata (held by Stripe, not by us). | United States (SCCs in place) |
| Resend, Inc. | Transactional email: drift alerts, evidence-bundle ready notifications, member invitations. | Recipient email address, message subject and body content, delivery status. | United States (SCCs in place) |
| Sentry (Functional Software, Inc.) | Error monitoring and performance tracing for the console and workers. | Stack traces, request metadata, anonymised user identifier, runtime environment metadata. | United States (SCCs in place) |
| OpenAI / Anthropic (when hosted-LLM remediator enabled) (opt-in) | Powers the optional Blackglass remediator service when configured to use a hosted LLM (rather than a self-hosted Ollama instance). | Sanitised drift event metadata sent to the model for plan generation. The remediator never sends raw evidence payloads, secrets, or personal data; HITL approval is required before any plan is executed. | United States (provider-dependent SCCs) |
Rows marked opt-in only apply when the related feature is explicitly enabled by an authorised workspace administrator. The optional remediator can also run in a fully self-hosted mode (local Ollama instance) with no third-party LLM provider involved.
Change notification
We maintain this list as the authoritative record of current sub-processors. Where required by your agreement or by law, we will notify you in advance of material changes (a new sub-processor, or a material change in scope of an existing one) so that you have a reasonable opportunity to object before the change takes effect.
To subscribe to material change notifications, or to ask a procurement question, contact [email protected].
Self-hosted deployments
Customers running the Helm chart on their own Kubernetes cluster are themselves the operator: they choose which of the above sub-processors are engaged (Stripe and Clerk are typically replaced by their own SSO / billing stack), and Obsidian Dynamics processes no personal data on their behalf. Setting BLACKGLASS_AIRGAPPED=true short-circuits any outbound calls to public SaaS so the deployment can satisfy strict no-egress requirements.