Public Register · CS-DOC-PUBLIC-REG-003
Sub-Processors
Purpose
This list identifies the sub-processors engaged by Certisyn, Inc. for the processing of personal data on behalf of its customers. It is published in fulfilment of the obligation under Article 28(2) of the General Data Protection Regulation to inform the controller in advance of intended changes concerning the addition or replacement of other processors.
| Sub-processor | Service | Region | DPA reference |
|---|---|---|---|
| Supabase, Inc. | Database hosting and authentication | United States; EU regions available | supabase.com/legal/dpa |
| Vercel, Inc. | Application deployment and edge compute | Global | vercel.com/legal/dpa |
| Cloudflare, Inc. | DNS, edge security, DDoS protection | Global | cloudflare.com/cloudflare-customer-dpa |
| GitHub, Inc. | Source-control management and CI | United States | github.com/customer-terms/github-data-protection-agreement |
| Anthropic, PBC | Agentic-workforce LLM (Claude API) | United States | anthropic.com/legal/dpa |
| OpenAI, OpCo, LLC | Reserve LLM provider (failover only) | United States | openai.com/policies/data-processing-addendum |
| Stripe, Inc. | Payment processing | United States; EU regions | stripe.com/legal/dpa |
| Resend, Inc. | Transactional email delivery | United States | resend.com/legal/dpa |
| Datadog, Inc. | Observability and log aggregation | United States; EU regions | datadoghq.com/legal/data-processing-addendum |
| Doppler, Inc. | Secrets management | United States | doppler.com/legal/data-processing-addendum |
Subscribe to change notifications.
Email subprocessors-notify@certisyn.com with the subject line
SUBSCRIBE. We notify of additions, removals, or scope changes at least 14 days in advance.
Right to object
A customer may object to the use of a new sub-processor on reasonable grounds related to data protection. Where the objection cannot be resolved, the customer may terminate the affected processing as set out in the Data Processing Agreement.