Subprocessors
Last update:
This page lists the third-party subprocessors (vendors and service providers) that Zenovay Inc. ("Zenovay", "we", "us", or "our") uses to assist in providing, maintaining, and improving our analytics platform and related services.
We carefully select subprocessors that maintain high standards for security, privacy, and data protection. All subprocessors are required to comply with applicable data protection laws and our data processing requirements.
What is a Subprocessor
A subprocessor is a third-party data processor engaged by Zenovay to assist in providing our Services. These subprocessors may process customer data on our behalf for purposes such as:
- Hosting infrastructure and content delivery
- Database management and data storage
- Payment processing and subscription management
- Email delivery and communication services
- Authentication and identity management
- Analytics and monitoring services
Current Subprocessors
The following table lists all active subprocessors used by Zenovay as of the date shown above:
| Subprocessor | Purpose | Location | Website |
|---|---|---|---|
| Cloudflare, Inc. | Content delivery network, DDoS protection, and security services | United States | cloudflare.com |
| Amazon Web Services (AWS) | Cloud hosting infrastructure, compute resources, and data storage | United States, EU | aws.amazon.com |
| Stripe, Inc. | Payment processing, billing, and subscription management | United States | stripe.com |
| Resend, Inc. | Transactional email delivery and notification services | United States | resend.com |
| Vercel, Inc. | Frontend hosting, deployment infrastructure, and edge computing | United States | vercel.com |
| Clerk, Inc. | User authentication, identity management, and session management | United States | clerk.com |
| Supabase, Inc. | Database management, real-time data synchronization, and storage | United States | supabase.com |
Data Processing Standards
All subprocessors listed above are required to:
- Maintain appropriate technical and organizational security measures to protect customer data
- Process data only in accordance with Zenovay's documented instructions
- Comply with applicable data protection laws, including GDPR, CCPA, and other relevant regulations
- Implement data protection impact assessments where required by law
- Notify Zenovay promptly of any data breaches, security incidents, or unauthorized access
- Assist with data subject requests, including access, deletion, and portability requests
- Maintain industry-standard certifications such as SOC 2 Type II, ISO 27001, or equivalent
- Return or delete customer data upon termination of services, as instructed
International Data Transfers
Some of our subprocessors are located outside the European Economic Area (EEA) and may process data in countries that do not provide the same level of data protection as EEA countries.
For transfers of personal data from the EEA to countries without an adequacy decision, we ensure compliance through:
- Standard Contractual Clauses (SCCs): We use European Commission-approved Standard Contractual Clauses with our subprocessors to ensure adequate protection for data transfers.
- Data Processing Agreements (DPAs): All subprocessors are bound by comprehensive Data Processing Agreements that include appropriate data protection safeguards.
- Adequacy Decisions: Where applicable, we rely on adequacy decisions issued by the European Commission for certain countries.
- Additional Safeguards: We implement supplementary measures such as encryption in transit and at rest, access controls, and regular security audits.
Updates to This List
Zenovay may add, remove, or replace subprocessors from time to time as our business needs evolve, technology changes, or to improve our Services.
When we make changes to our subprocessors, we will:
- Update this page with the current list of subprocessors
- Update the "Last update" date at the top of this page
- Provide at least 30 days' advance notice to enterprise customers before adding new subprocessors
- Notify enterprise customers via email about material changes to subprocessors
- Provide enterprise customers with the right to object to new subprocessors on reasonable data protection grounds
We recommend checking this page periodically to stay informed about our current subprocessors. You may also subscribe to email notifications about subprocessor updates.
Your Rights
As a Zenovay customer, you have the right to:
- Request information about our subprocessors and their data processing activities
- Object to the use of new subprocessors on reasonable data protection grounds (enterprise customers)
- Receive copies of our Data Processing Agreements upon request (subject to confidentiality obligations)
- Audit our compliance with data protection obligations or appoint a third-party auditor (subject to confidentiality and reasonable notice)
- Terminate your agreement if we cannot address your reasonable objections to a new subprocessor
Enterprise customers with specific data processing requirements may contact us to discuss customized data processing arrangements.
Contact Information
If you have questions about our subprocessors, data processing practices, or would like to subscribe to subprocessor update notifications, please contact us:
Email: privacy@zenovay.com
Support: support@zenovay.com
Address: Zenovay Inc., 415 Branding Street #4200, San Francisco, CA 94105
Related Policies: Privacy Policy • Terms of Service • Cookie Policy • DPA • Acceptable Use • Subprocessors