Subprocessors
Last updated: 2026-05-31
This is the canonical, authoritative list of the subprocessors CloudAgencyOps engages to process Customer Data. The Terms of Service, the Privacy Policy, the Security page, and the Data Processing Addendum all reference this page so the list cannot drift between pages.
Our subprocessors
We appoint the following subprocessors to help operate the Service. Each is bound to data-protection obligations consistent with our own.
| Provider | Role | Data categories | Region | Privacy |
|---|---|---|---|---|
| Vercel | Application hosting + edge content delivery | Agency account + request data in transit; rendered app pages | United States (iad1) | Link → |
| Neon | Primary Postgres database storage | Agency + user data, client metadata, cost snapshots, access-event metadata, runbooks, report records | United States (US-East) | Link → |
| Polar | Billing / Merchant of Record | Billing identity, payment method (held by Polar), Polar customer ID, card last-4 | European Union + United States | Link → |
| Sentry | Error and performance monitoring | Error events and request context (PII transmission disabled; client AWS data excluded from logs) | United States | Link → |
Customer-controlled services we access
These are not subprocessors we appoint. They are the agency's own services that we read from on the agency's documented instruction. The agency controls these accounts and the access we are granted.
| Service | Role | Data categories | Region | Privacy |
|---|---|---|---|---|
| AWS (your accounts) | Read-only cross-account access to Cost Explorer + CloudTrail in the agency's own AWS accounts | Cost-by-service totals, cost-allocation tags, CloudTrail access-event metadata | Customer-controlled | Link → |
Change notice and objection
We will notify Agencies at least 30 days before adding or replacing a subprocessor that processes Customer Personal Data, except where urgent security, availability, or legal reasons require shorter notice. Agencies may object on reasonable data-protection grounds within the notice period; we will work in good faith to address the objection, and if we cannot, the Agency may terminate the affected portion of the Service as described in the Data Processing Addendum. To receive change notices or to raise an objection, contact privacy@cloudagencyops.com.