![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 392 84" xmlns="http://www.w3.org/2000/svg"><defs ><linearGradient id="KHdlBVDzM-2037857189-linear-gradient" x1="0.49751243781094523" x2="0.5024875621890548" y1="0" y2="1"><stop offset="0" stop-color="rgb(139, 174, 255)"/><stop offset="1" stop-color="rgba(243, 45, 45, 0.2)"/></linearGradient><linearGradient id="cDxFcS0Gh-2037857189-linear-gradient" x1="1.6831485946812565" x2="-0.5845528784578186" y1="-0.7000000000000001" y2="1.6"><stop offset="0" stop-color="rgb(140, 175, 255)"/><stop offset="0.30434782608695654" stop-color="rgb(109, 144, 227)"/><stop offset="1" stop-color="rgb(44, 63, 158)"/></linearGradient><linearGradient id="ntDRMiwH_-2037857189-linear-gradient" x1="0.9929785811171902" x2="0.007021418882809827" y1="0" y2="1"><stop offset="0" stop-color="rgb(140, 175, 255)"/><stop offset="0" stop-color="rgb(109, 144, 227)"/><stop offset="1" stop-color="rgb(44, 63, 158)"/></linearGradient></defs><path d="M 0 0 L 15.663 0 L 15.663 74.348 L 0 74.348 Z M 59.875 0 L 75.438 0 L 75.438 74.348 L 59.875 74.348 Z M 8.525 29.937 L 66.814 29.937 L 66.814 43.617 L 8.525 43.617 Z" fill="rgb(0, 0, 0)" height="74.34776746386652px" id="R6fGi3jY7" transform="translate(74.657 5.953)" width="75.43826082312543px"/><path d="M 34.398 59.28 C 27.789 59.28 21.875 58.025 16.654 55.513 C 11.499 53.001 7.435 49.532 4.461 45.104 C 1.487 40.61 0 35.423 0 29.541 C 0 23.659 1.388 18.537 4.163 14.176 C 7.005 9.748 10.904 6.278 15.861 3.767 C 20.817 1.256 26.5 0 32.911 0 C 39.322 0 44.84 1.454 49.466 4.362 C 54.158 7.203 57.76 11.202 60.271 16.357 C 62.849 21.511 64.137 27.591 64.137 34.597 L 12.193 34.597 L 12.193 23.99 L 56.108 23.99 L 49.565 27.856 C 49.367 24.419 48.541 21.511 47.087 19.132 C 45.633 16.687 43.717 14.804 41.337 13.482 C 38.958 12.16 36.116 11.499 32.812 11.499 C 29.309 11.499 26.27 12.226 23.692 13.68 C 21.115 15.068 19.099 17.017 17.645 19.529 C 16.257 22.04 15.563 25.014 15.563 28.45 C 15.563 32.416 16.456 35.852 18.24 38.76 C 20.024 41.602 22.568 43.782 25.873 45.303 C 29.243 46.823 33.275 47.583 37.967 47.583 C 42.262 47.583 46.591 46.954 50.953 45.699 C 55.315 44.377 59.213 42.593 62.65 40.346 L 62.65 50.854 C 59.015 53.497 54.72 55.579 49.763 57.099 C 44.873 58.553 39.751 59.28 34.398 59.28 Z" fill="rgb(0, 0, 0)" height="59.27993478260868px" id="Qti8hp6m5" transform="translate(162.503 22.508)" width="64.1373913043478px"/><path d="M 1.983 22.602 L 9.616 23.99 L 17.348 22.602 L 17.348 79.403 L 1.983 79.403 Z M 9.616 16.357 C 6.774 16.357 4.461 15.63 2.677 14.176 C 0.892 12.656 0 10.64 0 8.129 C 0 5.683 0.892 3.734 2.677 2.28 C 4.461 0.76 6.774 0 9.616 0 C 12.458 0 14.738 0.76 16.456 2.28 C 18.24 3.734 19.132 5.683 19.132 8.129 C 19.132 10.64 18.24 12.656 16.456 14.176 C 14.738 15.63 12.458 16.357 9.616 16.357 Z" fill="rgb(0, 0, 0)" height="79.40341570381497px" id="atqgKejC9" transform="translate(236.629 0.898)" width="19.132173913043488px"/><path d="M 64.237 40.247 C 64.237 44.212 63.08 47.616 60.767 50.457 C 58.52 53.299 55.149 55.48 50.656 57 C 46.162 58.52 40.61 59.28 34.002 59.28 C 27.194 59.28 21.247 58.421 16.158 56.703 C 11.135 54.984 7.237 52.605 4.461 49.565 C 1.685 46.459 0.198 42.89 0 38.859 L 15.663 38.859 C 16.059 40.776 17.05 42.461 18.637 43.915 C 20.288 45.303 22.436 46.393 25.08 47.186 C 27.723 47.913 30.796 48.276 34.299 48.276 C 39.256 48.276 42.956 47.715 45.402 46.591 C 47.913 45.468 49.169 43.782 49.169 41.536 C 49.169 39.884 48.309 38.661 46.591 37.868 C 44.873 37.009 41.701 36.381 37.075 35.984 L 26.369 35.092 C 20.156 34.563 15.233 33.506 11.598 31.92 C 8.03 30.334 5.485 28.351 3.965 25.972 C 2.445 23.527 1.685 20.917 1.685 18.141 C 1.685 14.11 2.907 10.772 5.353 8.129 C 7.864 5.485 11.301 3.47 15.663 2.082 C 20.09 0.694 25.245 0 31.127 0 C 37.141 0 42.494 0.826 47.186 2.478 C 51.878 4.13 55.612 6.41 58.388 9.318 C 61.229 12.16 62.849 15.497 63.245 19.33 L 47.583 19.33 C 47.318 17.943 46.558 16.621 45.303 15.365 C 44.113 14.043 42.295 12.953 39.85 12.094 C 37.471 11.235 34.299 10.805 30.334 10.805 C 26.038 10.805 22.701 11.334 20.322 12.391 C 18.008 13.449 16.852 14.969 16.852 16.951 C 16.852 18.339 17.546 19.496 18.934 20.421 C 20.388 21.28 23.097 21.875 27.063 22.205 L 40.842 23.395 C 46.855 23.923 51.548 24.948 54.918 26.468 C 58.289 27.922 60.668 29.838 62.056 32.217 C 63.509 34.53 64.237 37.207 64.237 40.247 Z" fill="rgb(0, 0, 0)" height="59.27993478260868px" id="hawlOmO0I" transform="translate(265.098 22.508)" width="64.23652173913041px"/><path d="M 0 26.468 L 0 19.628 L 11.896 16.059 L 18.339 0 L 27.261 0 L 27.261 14.87 L 52.539 14.87 L 52.539 26.468 L 27.261 26.468 L 27.261 48.277 C 27.261 52.77 28.186 55.91 30.037 57.694 C 31.953 59.478 35.158 60.37 39.652 60.37 C 42.494 60.37 45.005 60.106 47.186 59.577 C 49.433 58.983 51.548 58.156 53.53 57.099 L 53.53 69.193 C 51.68 70.052 49.169 70.845 45.997 71.572 C 42.824 72.299 39.586 72.663 36.282 72.663 C 30.532 72.663 25.84 71.737 22.205 69.887 C 18.637 68.037 16.026 65.459 14.374 62.155 C 12.722 58.784 11.896 54.885 11.896 50.457 L 11.896 26.468 Z" fill="rgb(0, 0, 0)" height="72.66254347826086px" id="zoUpiAa2F" transform="translate(334.598 9.126)" width="53.53043478260872px"/><path d="M 0 74.348 L 0 47.609 L 47.609 0 L 74.348 0 Z" fill="url(%23KHdlBVDzM-2037857189-linear-gradient)" height="74.34776086956523px" id="KHdlBVDzM" transform="translate(-0.348 5.953)" width="74.34782611028008px"/><path d="M 31.304 0 L 31.304 31.304 L 0 31.304 Z" fill="rgb(0, 0, 0)" height="31.304282608695672px" id="T30T86M87" transform="translate(30.304 36.605)" width="31.304347826086953px"/><path d="M 31.304 31.304 L 31.304 0 L 0 31.304 Z" fill="rgb(26, 26, 26)" height="31.304282608695672px" id="apAet4OjV" transform="translate(30.304 36.605)" width="31.304347826086953px"/><path d="M 31.304 31.304 L 31.304 0 L 0 31.304 Z" fill="url(%23cDxFcS0Gh-2037857189-linear-gradient)" height="31.304282608695672px" id="cDxFcS0Gh" transform="translate(30.304 36.605)" width="31.304347826086953px"/><path d="M 47.609 0 L 74.348 0 L 0 74.348 L 0 47.609 Z" fill="url(%23ntDRMiwH_-2037857189-linear-gradient)" height="74.34776086956523px" id="ntDRMiwH_" transform="translate(-0.348 5.953)" width="74.34782611028008px"/></svg>)
Sub-processors
Last updated: March 2025
The following sub-processors assist Heist in processing Customer Data as described in the Data Processing Agreement. Customer Data includes user account data (name, email, workspace membership), test account credentials, session tokens, and application interaction logs generated during security testing, as further described in Annex I of the DPA. For how Heist handles personal data incidentally encountered during testing, see DPA Section 1.5.2.
Customer Data, including findings, test results, user accounts, credentials, and session data, is processed and stored exclusively within the European Union. Transactional email delivery is handled by a US-based provider. These transfers are governed by EU Standard Contractual Clauses. Email content is retained for up to 45 days.
Company | Registration | Address | Services | Processing location |
|---|---|---|---|---|
Google Cloud EMEA Limited | CRO 660412 (Ireland) | 70 Sir John Rogerson's Quay, Dublin D02 R296, Ireland | Cloud infrastructure hosting and compute | European Union |
Supabase Pte. Ltd. | UEN 202005760H (Singapore) | 65 Chulia Street, #38-02/03 OCBC Centre, Singapore 049513 | Database hosting, user authentication, and workspace management | European Union |
Microsoft Ireland Operations Limited | CRO 256796 (Ireland) | 70 Sir John Rogerson's Quay, Dublin D02 R296, Ireland | AI model hosting and inference | European Union |
Langfuse GmbH | HRB 248821 B, Amtsgericht Charlottenburg (Germany) | Gethsemanestr. 4, 10437 Berlin, Germany | AI pipeline monitoring and observability | European Union |
Temporal Technologies, Inc. | LEI 254900HPH40MMDHN3541 (Delaware, USA) | 1209 Orange St, Wilmington, DE 19801, USA | Workflow orchestration | European Union |
PostHog, Inc. | EIN 35-2678319 (Delaware, USA) | 2261 Market Street #4008, San Francisco, CA 94114, USA | Error logging and product analytics | European Union |
ActiveCampaign, LLC (Postmark) | EIN 20-0215482 (Delaware, USA) | 1 North Dearborn St, 5th Floor, Chicago, IL 60602, USA | Transactional email delivery | United States |
Changes to this list
During the current pre-launch period, Heist may update this list at its discretion (see DPA Section 2.2.1). Once the Service reaches general availability, Heist will notify customers at least 30 days before engaging a new sub-processor or making a material change to an existing sub-processor's scope (see DPA Section 2.2.2).