Effective Date: February 12, 2026
Certivo uses certain third-party subprocessors to assist in providing our services. This page lists all subprocessors we currently engage to process customer data. We are committed to providing at least 30 days advance notice before adding any new subprocessors or making material changes to our existing subprocessors.
| Subprocessor | Purpose | Data Processed | Location |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure, document storage (S3), database hosting (RDS), secrets management, serverless compute (Lambda). HIPAA BAA in place. | Application data, uploaded documents, database records | United States (us-east-1) |
| Stripe | Payment processing and subscription management | Billing information, subscription data, payment method tokens | United States |
| Resend | Transactional email delivery | Email addresses, email content | United States |
| Sentry | Error tracking and application monitoring | Error reports, browser metadata, request URLs | United States |
| Vercel | Frontend application hosting and CDN | Web traffic, user requests, IP addresses | United States |
We will notify customers at least 30 days in advance before adding new subprocessors or making material changes to existing ones. To subscribe to updates about changes to our subprocessors, please email privacy@certivo.io.
We ensure all subprocessors are bound by data processing obligations no less protective than those in our Data Processing Agreement. Each subprocessor is carefully vetted to maintain the security and privacy standards our customers expect.
If you have questions about our subprocessors, please contact us at privacy@certivo.io.