Last Updated: December 2025

Chrysalis uses a small set of vetted, security-reviewed service providers (“Subprocessors”) to deliver our products. Each subprocessor must meet security, privacy, and confidentiality obligations at least as strong as those used internally at Chrysalis.

Chrysalis Subprocessors and Service Providers

Google Cloud Platform

Purpose: Hosting, storage, networking, security
Location: United States
Safeguards: SOC 2, ISO 27001, encryption at rest/in transit

GitHub

Purpose: Source code repository, CI/CD integrations
Location: United States
Safeguards: SOC 2

Vanta

Purpose: Continuous compliance monitoring & evidence automation
Location: United States
Safeguards: SOC 2, ISO 27001, encryption at rest/in transit

Prescient Security

Purpose: Independent penetration testing & audit services
Location: United States
Safeguards: Industry-certified auditors

SendGrid (Twilio)

Purpose: Email delivery
Location: United States
Safeguards: SOC 2, ISO 27001

GoHighLevel

Purpose: Optional CRM tooling for sales/support operations
Location: United States
Safeguards: SOC 2

How Subprocessors Are Vetted

Chrysalis performs security, privacy, and compliance reviews on all subprocessors before engagement and continuously monitors for changes. Subprocessor changes will be posted to this page at least 30 days before they take effect.