SIKER ("we") uses trusted vendors ("subprocessors" or data processors) that process personal data on our behalf to operate the ecosystem (infrastructure, authentication, payments, communications, analytics, support, and AI). This page fulfills transparency under the SIKER Legal Framework 2025 and institutional Data Processing Agreements (DPA).
1. Scope
This page identifies external processors that handle personal data on SIKER's behalf. It applies to the ecosystem described in the 2025 Legal Framework (siker.info, Auth, Seek, TalentOS, PathMaker, and related services), in coordination with the Privacy Policy and DPAs signed with institutions.
2. General authorization
An institutional client that signs a DPA authorizes SIKER to engage subprocessors listed on this page and those added per the change procedure (section 3). SIKER imposes contractual obligations equivalent to the DPA regarding confidentiality, security, assistance, and data deletion.
3. Changes to subprocessors
When we add or replace a relevant subprocessor:
- We will update the public list at siker.info/subprocessors with the effective date
- We will notify clients with an active DPA at least fourteen (14) days in advance, except for security urgency or legal requirement
- The client may object on substantiated data protection grounds; if no reasonable alternative exists, additional measures or termination may be negotiated per the DPA
4. Subprocessor list
Typical subprocessors in the SIKER ecosystem (the list may vary by product and environment) include:
- Amazon Web Services (AWS) — cloud infrastructure, storage, and compute (US and other regions)
- Google Cloud Platform — hosting, databases, and managed services per deployment
- Stripe — payment processing and subscription billing
- SendGrid (Twilio) — transactional email and notifications
- Mixpanel — product analytics and usage events
- Google Analytics — web visit and behavior metrics (when enabled)
- Intercom — messaging, live support, and user communication
- OpenAI and Anthropic — AI request processing under scoped use policies without unauthorized training on client data
5. Subprocessor obligations
We require subprocessors to: (a) process data only per documented instructions; (b) ensure confidentiality of authorized personnel; (c) implement appropriate security measures; (d) assist with data subject requests and impact assessments when applicable; (e) notify security incidents without undue delay; (f) delete or return data when the service ends, except for legal retention.
6. Enterprise clients
Institutional DPAs may restrict subprocessor categories, require data location in specific regions, or approve additional sub-processors. Audit requests or security questionnaires: dpa@siker.info.
7. Contact
Questions about subprocessors, objection notices, or data processing agreements:
Related documents
Processing of personal data, legal bases, and data subject rights are described in the Privacy Policy.
The authorized, up-to-date list is published at siker.info/subprocessors. B2B clients with a DPA may receive additional notice of material changes.