Sub-processor catalog
Authoritative list of every third-party processor that may receive customer data. Referenced from the Article 28 DPA template of Iru, the company that builds and operates Hyrax; the customer-facing DPA bundle cites this page for sub-processor disclosure.
Active processors
| Processor | Data shared | DPA / basis | Notes |
|---|---|---|---|
| AWS | Hosting substrate for all customer code, data, operational logs, transactional email, and AI model inference | AWS DPA (account-wide) | All inference runs on Amazon Bedrock managed by Hyrax. We record request metadata and token counts only — no prompt or completion content is written to our logs. Model-provider retention and training terms are governed by AWS's service terms. |
| GitHub | Org/repo connection metadata, install metadata, and webhook deliveries (push payloads include commit metadata + diffs visible to the GitHub App's installed repositories) | GitHub DPA | GitHub is used to connect your organization and repositories. Tokens are short-lived and repo-scoped, never stored long-term. |
| WorkOS | Login identity — email address, and (for social login) the provider account identifier | WorkOS DPA | Authentication provider for customer sign-in (GitHub, Google, or email one-time code). |
| Stripe | Card-on-file, invoice records, and subscription / usage events for billing | Stripe DPA (via Iru's existing Stripe contract) | A Stripe customer record is created only when you first subscribe to a paid plan. |
| PostHog | Product-usage and job-lifecycle events (workspace id, user id, job id, workflow, outcome). No customer code, no AI model content, no secrets. | PostHog DPA (cloud) | Session replay masks every input and all rendered text by default. |
| Linear | Observation titles, descriptions, file paths, and severity labels — only when the customer configures the integration | Linear DPA (customer is controller of their Linear workspace) | Disable the integration in workspace settings to stop emitting. |
Not yet enabled
Wired but not active at launch — no customer data flows to these until the integration is enabled and its DPA is confirmed.
| Processor | Data shared (when enabled) | DPA / basis | Notes |
|---|---|---|---|
| Loops.so | Account-owner contact email + display name + plan tier, and a small set of per-event properties (repo names, finding counts, plan-cap context). No source code, no AI model content, no secrets. | Loops.so DPA (https://loops.so/dpa) | Lifecycle email (welcome, audit summaries, plan-cap nudges). Rolling out in phases — initially only an account-created welcome email. When fully enabled, lifecycle email will be opt-out. |
Review cadence
This catalog is reviewed on every new outbound integration, quarterly by the Hyrax team, and on every DPA renewal.
Cross-references
- Security — what data we keep, how it's protected, and how to delete it.