This list identifies third-party subprocessors authorized to process personal data for BRidge, consistent with our Privacy Policy and Data Processing Addendum (DPA). Each is bound by written terms imposing confidentiality, security, and data protection obligations at least equivalent to those in the DPA.
| Vendor / Service | Purpose | Location | Safeguard (Transfers) | Typical Data Categories |
|---|---|---|---|---|
| Amazon Web Services (AWS) | Primary hosting, storage, backups | United States / Global Regions | SCCs/IDTA as applicable; encryption in transit/at rest | Account metadata, logs, Customer Content at rest, BOL PDFs |
| Supabase | Database hosting & authentication services | United States / EU | SCCs/IDTA; regional hosting options | Account profiles, application data (contracts, inventory), audit records |
| Render | Application deployment & runtime infrastructure | United States | SCCs/IDTA (where applicable) | Transient app data, logs, operational telemetry |
| Cloudflare | CDN, DDoS protection, DNS, edge security | Global | SCCs/IDTA; edge security controls | IP addresses, request headers, performance metrics |
| Stripe, Inc. | Billing & payment processing | United States / Global | SCCs/IDTA; PCI-DSS compliance | Billing contact, org info; no card numbers stored by Atlas |
| Postmark / Mailgun | Transactional email delivery | United States | SCCs/IDTA | Recipient email, message metadata; deliverability logs |
| Sentry | Error tracking & observability | United States / EU | SCCs/IDTA; PII scrubbing rules | Stack traces, sanitized request context, performance metrics |
| Prometheus / Grafana Cloud | Metrics collection & monitoring | United States / EU | SCCs/IDTA | Aggregated service metrics (no content data) |
| Google Workspace | Internal communications, support, documentation | United States / EU | SCCs/IDTA | Support emails, ticket attachments, internal docs |
Notice: Atlas may add or replace subprocessors to support new features or infrastructure. We will post updates on this page and, where required, provide advance notice to customers.
Objection Window: Customers may object to a new subprocessor within 30 days of notice by emailing info@atlasipholdingsllc.com with reasonable, documented grounds related to data protection. Atlas will work in good faith to address concerns (e.g., alternative controls, regional routing) or propose a commercially reasonable alternative.
Customers are responsible for the subprocessors and integrations they enable within their own environments (e.g., data exports, webhooks), and for ensuring those third parties meet their compliance obligations.