Legal
Silky Sub-Processors
Last updated: 18 April 2026 - Magic Hire Solutions Limited
Third parties that process Silky customer data on our behalf.
Silky uses the following sub-processors to deliver its Recruitment Automation Platform. A sub-processor is any third party that processes customer data on Silky's behalf. This list is current as of 18 April 2026. We will update it before onboarding any new sub-processor, and existing customers receive 30 days' notice of any material change.
Current sub-processors
| Name | Purpose | Data handled | Location |
|---|---|---|---|
| Supabase, Inc. | Primary database, authentication, and object storage. | All customer and candidate records at rest, including resumes and interview notes. | United States (us-west-1). |
| Anthropic, PBC | Large language model processing (Claude Haiku and Sonnet) for resume parsing, application assessment, candidate summaries, and drafting of emails, offers, and job specifications. | Resume text, job descriptions, candidate notes, and prompts passed to the model. Anthropic does not use data sent via the API to train its models. | United States. |
| OpenAI, LLC | Speech-to-text transcription (Whisper) for voice input in the Silky command bar. | Audio clips dictated by the user. Audio is sent on-demand and is not retained by Silky after transcription. | United States. |
| Resend, Inc. | Transactional and outbound customer email delivery, including magic-link sign-in, candidate correspondence, and digests. | Email addresses, message subject and body, and delivery metadata (bounces, complaints). | United States. |
| Vercel, Inc. | Application hosting, serverless compute, and edge delivery for the Silky web app and APIs. | HTTP requests and responses in transit and short-lived runtime logs. | United States, with a global edge CDN. |
| Inngest, Inc. | Background job and workflow queue for resume parsing, application assessment, webhook dispatch, and scheduled emails. | Job payloads for async work, which may contain candidate identifiers and references to stored records. | United States. |
| Functional Software, Inc. (Sentry) | Error monitoring and performance telemetry for the web app and API. | Error stack traces, request metadata, and user identifiers. Resume text and candidate PII are not sent to Sentry. | United States. |
| Stripe, Inc. | Subscription billing and payment processing for paid Silky plans. | Billing contact name and email, plan and invoice data. Card details are submitted directly to Stripe and are not stored by Silky. | United States. |
| Recall.ai, Inc. | Video meeting attendance and transcription for interview recording across Zoom, Google Meet, and Microsoft Teams. | Meeting audio and video, transcripts, and participant metadata for interviews the customer has opted to record. | United States. |
| WorkOS, Inc. | Single sign-on (SAML and OIDC) and directory sync for enterprise customers. | User identity assertions received from the customer identity provider during sign-in, and directory sync events where enabled. | United States. |
| Upstash, Inc. | Redis caching layer for company context, webhook subscription lookups, and API key authentication. | Short-lived cache entries keyed by company and user identifiers. No resume content is stored in the cache. | United States. |
| Brandfetch B.V. | Company brand enrichment during customer onboarding (logo, colours, industry classification). | Publicly available company domain and returned brand assets. No candidate PII is sent to Brandfetch. | European Union. |
| Firecrawl | Web crawling for company website enrichment during onboarding. | Publicly available company URLs and returned page content. No candidate PII is sent to Firecrawl. | United States. |
Customer-controlled integrations
The following integrations are not Silky sub-processors. The customer authorises each connection themselves, and the third-party provider processes data on the customer's behalf (under the customer's own agreement with that provider), not on Silky's behalf.
| Integration | Why it is not a Silky sub-processor |
|---|---|
| Slack | The customer's own Slack workspace. The Silky Slack app is installed via OAuth per workspace. Messages between Silky and the workspace are governed by the customer's agreement with Slack. |
| Google Calendar | The customer's own Google account. Each recruiter authorises calendar access per user via OAuth. |
| Google Workspace, Microsoft Entra, and other SAML or OIDC identity providers | The customer's identity provider. Silky consumes identity assertions during sign-in. The identity provider is controlled by the customer and its agreement with the provider. |
| X (formerly Twitter) | The customer's own X account, connected to auto-post job ads. Posting is subject to the customer's agreement with X. |
| The customer's own LinkedIn account, where connected for job distribution. | |
| Zoom, Google Meet, and Microsoft Teams | The customer's own video meeting accounts. Silky only attends meetings that the customer invites it to. Where the customer has enabled recording, transcription is performed via Recall.ai (listed above as a Silky sub-processor). |
Changes to this list
Silky will provide at least 30 days' notice before onboarding any new sub-processor or making a material change to this list. Customers with a data processing agreement in place can raise objections in writing before the change takes effect. Notice is delivered by email to the billing contact on record and posted as an update to this page.
Questions
For questions about this list, data processing agreements, or security documentation, contact hello@silky.so.