Updated on November 10, 2023. All policies.
Bucket uses third party subprocessors, such as cloud computing providers and customer support software, to provide our services. We enter into GDPR-compliant data processing agreements with each subprocessor, extending GDPR safeguards everywhere personal data is processed.

Subprocessors are split into two groups:
  • Subprocessors used for data about you (our customer), which Bucket in GDPR terminology is the controller of.
  • Subprocessors used for data about your own customers/users, which Bucket in GDPR terminology is the processor of, and you are the controller of.

Our customers' data #

Bucket is the controller of data about you (our customer). This does not include data about your customers/users.
  • Google. Account authentication. USA.
  • Confluent. Streaming service. EU.
  • Heroku. Server hosting. EU.
  • Heroku Postgres. Database hosting. EU.
  • Datadog. Performance monitoring. All data is wiped after 15 days. EU.
  • Stripe. Payment processing and management. USA.
  • Segment. We send data through Segment to Intercom and Bucket. USA.
  • Slack. Internal and external communication. USA.

Our customers' users' data #

We are a processor of data about your users/customers. We do not share or sell this data with any other providers. We only store it in our data center hosted with Amazon Web Services.
  • Confluent. Queing (Kafka). All servers are located in the EU.
  • Altinity. Database (ClickHouse) hosting. All servers are located in the EU.
This policy have been adapted from the Basecamp open-source policies.