← Back to Privacy Policy
ISOXPERT Compliance360

Sub-processors

Last updated: [[YYYY-MM-DD]]

Draft pending completion. Confirm each provider's data-residency region and attach the signed DPA reference before publishing. Complete the [[ … ]] placeholders.

Third parties that process personal data on our behalf to deliver ISOXPERT Compliance360:

Sub-processorPurposeData categoriesLocationTransfer basis
SupabaseDatabase, authentication, hostingAll application data (account, employee, compliance, audit logs)[[region]][[SCCs / adequacy]]
Google (Gemini API)AI drafting & analysisCompliance content submitted to AI featuresUS / globalSCCs; paid API data not used for training
StripeBilling & paymentsOrg, plan, subscription metadata; card data handled by StripeUS / globalSCCs
VercelApp hosting / serverless functionsRequest data in transit; environment secretsUS / globalSCCs
ERP integrations (SAP / Oracle / Odoo)Optional customer-enabled data syncEmployees, customers, suppliers, products, assets, NCRsCustomer-controlledPer customer's own agreements

We notify customers before adding a new sub-processor, per our Data Processing Agreement.