Approved Sub‑processors
Ethara™ carefully vets all service providers for privacy, security, and compliance alignment. We maintain a transparent list of active sub‑processors and publish future candidates for visibility. Clients may subscribe for change notifications.
Active Sub‑processors
| Vendor | Purpose | Region | Data Handled | Safeguards |
|---|---|---|---|---|
| Amazon Web Services (AWS) | Hosting & Storage | Canada / EU | Metadata only | ISO 27001 / SOC 2 |
| Cloudflare | CDN & Edge Security | Global | Transient cache | DPA; GDPR Compliant |
| Zoho | CRM Operations | US / EU | Contact data (encrypted) | DPA; audit controls |
| Google Fonts | Typography Delivery | Global | None (browser request) | Public CDN |
Potential / Future Sub‑processors
These vendors are not currently active but may be added in the future depending on product expansion, enterprise requirements, or infrastructure scaling. Clients will be notified before activation.
| Vendor | Potential Purpose | Region | Data Category | Safeguards |
|---|---|---|---|---|
| Microsoft Azure | Optional compute / AI workloads | Canada / US / EU | Metadata or sandboxed datasets | SOC 2; ISO 27001; regional residency |
| OpenAI Enterprise | Optional LLM inference (contract‑only) | US / EU | Ephemeral prompts (no training) | Enterprise privacy commitments |
| Stripe | Payments (if subscription features launch) | Global | Billing info (tokenized) | PCI‑DSS Level 1 |
| SendGrid / Mailgun | Transactional email | US / EU | Email metadata | DPA; TLS; suppression controls |
Subscribe to updates: dpo@ethara.app