Skip to main content
All CollectionsSecurity & PrivacyRegulatory compliance
Chameleon uses GDPR compliant processors
Chameleon uses GDPR compliant processors

List of the subprocessors we use (and why) and more information about their GDPR policies

Chameleon Team avatar
Written by Chameleon Team
Updated over a week ago

As with any SaaS business, Chameleon uses best-in-class products ("vendors") to help us deliver the best functionality and user experience for our customers. This article gives an overview of what we use and where you can find more information about the GDPR compliance of these vendors. 

To learn more about Chameleon's commitment to GDPR please read this article

To stay informed about any subprocessor changes, please enter your (or whatever appropriate) email address into the Security & Privacy Notifications field under Account Settings in your Dashboard:

Core infrastructure

Heroku

Heroku is a cloud platform to host and deploy our application code (the basis of the Chameleon software application). This serves as the infrastructure that allows us to log you into the correct account, or show you the correct colors when you add a particular HEX code etc. 

Learn about Heroku's GDPR compliance here and its Privacy Policy here.

MongoDB

MongoDB is our database provider, where we store all data associated with Chameleon. This is what holds the information about the configuration of a tour you created or the history of what a user has seen (to ensure they don't see it again). It's our source of truth and key component in allowing Chameleon to function. 

Learn about MongoDB's GDPR compliance here and its Privacy Policy here.

Fastly

Fastly in a content delivery network that serves as the endpoint for all of our customer-facing APIs, where our JavaScript is loaded from, and where responses are cached for subsequent re-use.

Learn about Fastly's GDPR compliance here and its Privacy Policy here.

Data analytics

Mixpanel

Mixpanel is an analytics platform that helps us understand what parts of our product users are engaging with. We also track overall tour data by account (e.g. how many tours were started on a certain domain). We don't collect or see any user attribute data you are sending to Chameleon here. 


Learn about Mixpanel's GDPR compliance here and its Privacy Policy here.

Hotjar

Hotjar is a website analytics and session replay product that helps us see clearly what actions our website visitors take and where they might get stuck or confused. This alerts us to issues that we can resolve.

Learn about Hotjar's GDPR compliance here including its Privacy Policy.

Segment

Segment is an API hub; in addition to our database, we send all user interaction and analytics data through Segment and then onwards to other vendors.

Learn about Segment's GDPR compliance here and its Privacy Policy here.

Billing

Stripe

Stripe is our credit card and payment processing platform. Stripe handles all the sensitive credit card and account information on our behalf so we can rely on their super-secure system and keep your data safe. 

Learn about Stripe's GDPR compliance here and its Privacy Policy here.

Communications

Intercom

Intercom helps us manage our support (tickets and help articles) with our customers. Intercom also supplements our customer data from other sources, and you can read more about this here.

Learn about Intercom's GDPR compliance here and find its Privacy Policy here

Customer.io

Customer.io helps us manage our email communication (such as feature announcements, or blog updates) with our customers.

Learn about Customer.io's GDPR compliance here, including its Privacy Policy.

Postmark

Postmark is an transactional email management platform. We use it to send emails such as magic login links, or when you invite your colleagues to Chameleon. 

Learn about Postmark's GDPR compliance here including its Privacy Policy.

Slack

Slack is our internal communications platform (instead of email) and also contains a stream of events that our customers are taking, such as payments, errors, usage and tickets. This helps everyone know about issues to respond to quickly and provides us a clearer idea of what's happening with "in the wild". 

Learn about Slack's GDPR compliance here and its Privacy Policy here.

Advertising

AdWords by Google

We use AdWord's pixel (cookie) to enable us to show visitors to our website ads about Chameleon and our content on the Twitter platform. This helps reminds prospective customers about Chameleon's value and helps us grow our business. 

Learn about AdWord's GDPR compliance here and its Privacy Policy here. You can learn how to manage Google's ads here.

Facebook

We use Facebook's pixel (cookie) to enable us to show visitors to our website ads about Chameleon and our content on the Facebook platform. This helps reminds prospective customers about Chameleon's value and helps us grow our business. 

Learn about Facebook's GDPR compliance here and its Privacy Policy here. You can learn how to turn off Facebook's personalized ads here.

Twitter

We use Twitter's pixel (cookie) to enable us to show visitors to our website ads about Chameleon and our content on the Twitter platform. This helps reminds prospective customers about Chameleon's value and helps us grow our business. 

Learn about Twitter's GDPR compliance here and its Privacy Policy here. You can learn how to turn off Twitter's personalized ads here.

Supplementary tools

Hubspot

Hubspot is our CRM tool where we track companies that are interested in purchasing Chameleon and review customer health. We pass data about some key events, and also attributes about customers and companies into this system of record, to help us know who to contact, about what, and when.

Learn about Hubspot's Privacy Policy here.

Calendly

Calendly is our meeting schedule service, to us find time to talk to our customers and prospects, for demo calls, webinars, troubleshooting meetings etc. which require registration. 

Learn about Calendly's Privacy Policy here.

Zoom

Zoom is our video conferencing platform. We also use it for hosting webinars or group calls, and this sometimes requires registration. 

Learn about Zoom's GDPR compliance here and its Privacy Policy here.

Pipedream

Pipedream is a platform for automating interactions with APIs and running code in a serverless environment. Chameleon uses Pipedream to automate invoice-based billing, to respond to changes in our various systems, and to move data around to other relevant systems.

Learn about Pipedream's Security and Privacy here.

Typeform

Typeform is our microsurveying tool and we utilize it when gathering ad-hoc customer feedback, or for job applications. Chameleon also has a Typeform integration, meaning customers can show Typeform microsurveys to their customers within their products from Chameleon product tours. 

Learn about Typeform's GDPR compliance here and its Privacy Policy here.

Dreamdata

Dreamdata is our tool for connecting website visits and inbound leads to new customers and revenue.

Learn about Dreamdata's GDPR compliance here and its Privacy Policy here.

DocuSign

DocuSign is our contract management tool, which we use to collect e-signatures in contracts with our larger customers. 

Learn about DocuSign's GDPR compliance here and its Privacy Policy here.

WorkOS

WorkOS is a tool for managing SSO connections for our customers. Customers use the WorkOS portal to configure their connection details and provisioning connection.

Learn about WorkOS's GDPR compliance here and its Privacy Policy here.

OpenAI

OpenAI is a tool for using and running AI-based workflows. Chameleon's customers indirectly interact with OpenAI when they use Chameleon's AI features such as A/B testing, copy improvement, etc.

Learn about OpenAI's GDPR compliance here and its Privacy Policy here.

Last updated: Nov 2023

Did this answer your question?