Legal
Subprocessors
Last updated: 28 May 2026
Overview
cmpliance.ai uses a limited set of service providers to operate, secure, support, and improve the Service. This page is a public summary. The applicable customer agreement controls final subprocessor commitments, notice periods, objection rights, data-transfer safeguards, and region commitments.
Provider use may vary by plan, deployment model, feature, and customer configuration.
This public page is category-based for launch-stage transparency. For production or pilot processing of real customer personal data, the applicable customer agreement or DPA package should identify the approved subprocessors, regions, transfer safeguards, notice process, and any customer-specific restrictions.
Current provider categories
| Provider or category | Purpose | Data involved | Notes |
|---|---|---|---|
| Hosting and deployment provider | Public website, application hosting, deployment, edge delivery | Website data, application traffic, operational logs | Region and retention may depend on deployment configuration |
| Managed database provider | Application database | Account data, workflow data, Customer Data where configured | Used for core application persistence |
| Authentication provider | Login, account access, organisation membership, session management | Account-user data, authentication metadata | Used to manage identity and access |
| Object storage provider | Document, evidence, and export storage where configured | Uploaded artifacts, proofpacks, evidence files | Region and bucket configuration are governed by the applicable setup |
| Workflow and event provider | Background workflow execution and event processing | Workflow metadata and task payloads | Used to operate asynchronous platform workflows |
| Email delivery provider | Transactional email, contact replies, notifications | Email address, message metadata, message content where applicable | Used for service and business communications |
| Payment provider | Subscription and billing processing | Billing contact data, payment metadata | Payment card data is handled by the payment provider |
| AI/model provider | AI-assisted extraction, classification, summarisation, embeddings, and generation where enabled | Prompt/input data, extracted text, workflow context, output data | Customer Data is not used to train public or foundation models |
| CMS provider | Public website and insights content management | Public marketing/editorial content and editor metadata | Not intended for Customer Data |
| Monitoring and logging tools | Security, reliability, error diagnosis, abuse prevention | Operational logs, error metadata, usage metadata | Used to maintain service reliability and security |
Customer Data and production processing
Customers should not upload production personal data, sensitive data, special-category data, criminal-offence-related data, or regulated KYC/AML production data unless applicable written terms are in place.
For production or pilot processing of real customer personal data, the signed customer agreement controls:
- Approved subprocessors
- Transfer safeguards
- Data locations
- Notice and objection process
- Audit and security documentation
Changes
We may update this page as providers, features, or deployment models change. Material subprocessor-change notices for active customers are governed by the applicable customer agreement.
Contact
cmp@cmpliance.ai paterhn GmbH, Gotthardstrasse 26, 6300 Zug, Switzerland