O
ONX/Subprocessors

Subprocessor List

ONX (Optimal Nexus Ltd) uses the following third-party subprocessors to deliver the platform. Each subprocessor is covered by a Data Processing Agreement (DPA) and, where data is transferred outside the EEA, by Standard Contractual Clauses (SCCs) under GDPR Article 46.

Last updated: July 2026 · To request the full DPA or SCC documentation, contact compliance@optimalnexus.com

Supabase

DPA in place
Database & Authentication
Privacy policy

Purpose

Application database (PostgreSQL), user authentication, row-level security

Data processed

All application data including account, pipeline, and contact records

Location

European Union (AWS eu-north-1, Stockholm)

Transfer safeguard

Not required — data hosted in the EEA

Certifications

SOC 2 Type II, ISO 27001 (AWS infrastructure)

Vercel

DPA in place
Hosting & CDN
Privacy policy

Purpose

Application hosting, serverless edge functions, global content delivery

Data processed

Request data, session tokens, application traffic

Location

United States / Global Edge Network

Transfer safeguard

Standard Contractual Clauses (EU SCCs)

Certifications

SOC 2 Type II

Anthropic

DPA in place
AI Inference
Privacy policy

Purpose

ICP generation, signal analysis, deal recommendations, outreach drafting, AI-assisted insights

Data processed

Company-level context and signals. Outreach drafting and talent matching additionally include limited contact/candidate professional data (e.g. first name, job title, resume text). Not used for model training.

Location

United States

Transfer safeguard

Standard Contractual Clauses (EU SCCs)

Certifications

Enterprise DPA available

People Data Labs

DPA in place
Data Enrichment
Privacy policy

Purpose

Company firmographic enrichment and workforce analytics

Data processed

Company domains, firmographics, aggregate workforce data

Location

United States

Transfer safeguard

Standard Contractual Clauses (EU SCCs)

Certifications

Per PDL DPA

Clay.com

DPA in place
Data Enrichment
Privacy policy

Purpose

Company and contact data enrichment via waterfall enrichment stack

Data processed

Company domain, public LinkedIn URLs, firmographic data

Location

United States

Transfer safeguard

Standard Contractual Clauses (EU SCCs)

Certifications

Per Clay DPA

Perplexity AI

DPA in place
Web Intelligence
Privacy policy

Purpose

Real-time company research and signal discovery

Data processed

Company names, domains, public web context

Location

United States

Transfer safeguard

Standard Contractual Clauses (EU SCCs)

Certifications

Per Perplexity DPA

Resend

DPA in place
Transactional Email
Privacy policy

Purpose

System emails — account notifications, compliance alerts, deal nudges, team invites

Data processed

Email addresses, notification content

Location

United States

Transfer safeguard

Standard Contractual Clauses (EU SCCs)

Certifications

Per Resend DPA

Stripe

DPA in place
Payments
Privacy policy

Purpose

Subscription billing and payment processing

Data processed

Billing contact details, payment card data (held by Stripe, never by ONX)

Location

United States / EU

Transfer safeguard

Standard Contractual Clauses (EU SCCs)

Certifications

PCI DSS Level 1, SOC 2

PostHog

DPA in place
Product Analytics
Privacy policy

Purpose

Product usage analytics to improve the platform

Data processed

Usage events, user identifiers (email), session metadata

Location

European Union (EU Cloud)

Transfer safeguard

Not required — data hosted in the EEA

Certifications

Per PostHog DPA

Sentry

DPA in place
Error Monitoring
Privacy policy

Purpose

Application error tracking and performance monitoring

Data processed

Error metadata, request context, user/tenant identifiers

Location

United States

Transfer safeguard

Standard Contractual Clauses (EU SCCs)

Certifications

SOC 2 Type II

Changes to this list:Optimal Nexus Ltd will provide 30 days' notice of any new subprocessors via in-platform notification and email to the account DPA contact. Customers may object to new subprocessors in accordance with their DPA.

Data Processing Agreement: A DPA is available on request for all paying customers. Enterprise customers may request a mutually negotiated DPA.