Subprocessors
Last updated: May 31, 2026
Document owner: Vendor Risk Management Lead and Data Protection Officer delegate Review cadence: Monthly verification; quarterly formal review; ad hoc on vendor onboarding/offboarding Effective date: 2026-05-31 Processor legal entity: EthicPages, Inc. Registered address: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ Primary contact: ethicpages+contact@invictosoft.com
1. Purpose of this page
This page identifies third-party subprocessors authorized by EthicPages, Inc. ("EthicPages," "we," "us") to process personal data on behalf of customers in connection with our services. It is designed for procurement, legal, and security review workflows and should be read with our Data Processing Agreement, Privacy Policy, and Terms of Service.
A subprocessor is a third party engaged by EthicPages to process customer personal data for service delivery, support, security, billing, communication, or related operational needs.
2. Subprocessor governance model
EthicPages applies a risk-based vendor governance process before onboarding any subprocessor and throughout the vendor lifecycle.
2.1 Governance controls
| Control domain | EthicPages approach |
|---|---|
| Due diligence | Security, privacy, legal, and operational review before onboarding |
| Contracting | Written agreements with confidentiality and data protection obligations |
| Access management | Least-privilege scoping of vendor access and credentials |
| Regional review | Assessment of data residency and cross-border transfer impacts |
| Ongoing monitoring | Periodic reassessment and event-driven review on material changes |
| Offboarding | Access revocation and data handling closure procedures |
3. Current subprocessors
The following providers are currently authorized subprocessors for customer data processing in connection with EthicPages operations.
3.1 Core subprocessor inventory
| Subprocessor | Purpose | Processing location(s) | Data processed | Service category |
|---|---|---|---|---|
| Neon | Managed PostgreSQL infrastructure for persistent application data storage | Primarily United States (region by deployment) | Account metadata, workspace content, policy drafts, operational metadata | Database infrastructure |
| Stripe | Payment processing, invoicing, subscription lifecycle handling, fraud controls | United States and other regions operated by Stripe | Billing identifiers, customer email, invoice/payment metadata, limited transaction details | Billing and payments |
| OpenRouter | AI model routing and inference for customer-initiated document generation workflows | United States and other provider-supported regions | Prompt content, generated text, model metadata, request/response telemetry | AI processing |
| Resend | Transactional email delivery (verification, billing notices, account/security communications) | United States and other regions operated by provider | Recipient email, template variables, delivery metadata | Communications |
| Vercel | Application hosting, content delivery, deployment runtime, and edge/network delivery | United States and global edge network locations | Request logs, application responses, operational telemetry, hosted content artifacts | Hosting and delivery |
3.2 Processing purpose detail
| Subprocessor | Detailed purpose | Why required for service |
|---|---|---|
| Neon | Secure relational storage and retrieval of tenant/workspace records | Core data persistence for account and document workflows |
| Stripe | Charging subscriptions and managing invoicing/refund rails | Required to process paid plans: $17/month, $132/year, $750 one-time, $1,200 lifetime |
| OpenRouter | Routing model requests for AI-assisted legal content generation | Enables optional AI drafting features requested by customer users |
| Resend | Delivering service-critical transactional emails | Required for account verification, reset, billing, and incident notices |
| Vercel | Running production app, APIs, and static/edge delivery | Required for secure, performant customer access to the platform |
3.3 Data category detail by subprocessor
| Subprocessor | Identity/contact data | Account/workspace data | Billing data | Content/prompt data | Logs/telemetry |
|---|---|---|---|---|---|
| Neon | Yes | Yes | Limited metadata only | Yes | Limited |
| Stripe | Yes | Limited | Yes | No | Yes |
| OpenRouter | Limited (as present in prompts) | Limited | No | Yes | Yes |
| Resend | Yes | Limited template context | No | Limited message content | Yes |
| Vercel | Limited request metadata | Limited runtime data | No | Hosted content | Yes |
4. Geographic processing and transfer safeguards
EthicPages and its subprocessors may process data in the United States and other jurisdictions relevant to service architecture. Where required, we implement lawful transfer mechanisms, including Standard Contractual Clauses and supplementary safeguards.
4.1 Transfer safeguards matrix
| Safeguard | Application |
|---|---|
| SCCs/UK addendum | Applied for restricted transfers when adequacy is unavailable |
| Contractual privacy clauses | Included in vendor agreements |
| Security controls | Encryption in transit and role-based access controls |
| Data minimization | Processing scoped to service-delivery purposes |
| Vendor reassessment | Triggered by regulatory or architecture change |
For details, see Data Processing Agreement.
5. Change notification process
EthicPages maintains a formal process for adding, replacing, or materially changing subprocessors.
5.1 Notification lifecycle
| Stage | Commitment |
|---|---|
| Planned change identified | Internal legal/privacy/security review is initiated |
| Customer notification | Active customers receive advance notice of material subprocessor change |
| Objection period | Customers may raise reasonable data protection objections within 15 days |
| Resolution handling | Parties work in good faith to address concern through safeguards or alternatives |
| Finalization | If unresolved and legally required, customer may terminate impacted service scope |
5.2 What qualifies as a material change
Material changes may include:
- onboarding a new subprocessor with access to customer personal data;
- replacing a listed subprocessor for an existing processing function;
- significant change to processing purpose, data category scope, or transfer geography.
Routine internal vendor maintenance that does not materially alter data processing risk may be documented without a formal objection workflow.
6. Customer objection process
Customers may object to a new subprocessor on reasonable data protection grounds by submitting written notice to ethicpages+contact@invictosoft.com within the stated objection window.
6.1 Objection submission checklist
| Required item | Description |
|---|---|
| Customer identity | Legal entity name and workspace/account identifier |
| Affected change | Subprocessor name and change notice reference |
| Ground for objection | Specific legal/privacy/security concerns |
| Requested remedy | Proposed mitigation or alternative approach |
EthicPages will evaluate objections in good faith and communicate available mitigations. Where no reasonable resolution is possible, customer remedies follow the Data Processing Agreement.
7. Security and compliance expectations for subprocessors
Each subprocessor is expected to maintain controls appropriate to its role and data access scope, including confidentiality obligations, access restrictions, and incident response capabilities.
7.1 Minimum operational expectations
| Expectation | Description |
|---|---|
| Confidentiality commitments | Contractual confidentiality covering personnel and subcontractors |
| Security baseline | Controls proportionate to processing risk and service criticality |
| Breach communication | Prompt notification to EthicPages for incidents affecting customer data |
| Data handling boundaries | Processing only for authorized service purposes |
| Access limitation | Restricted and auditable access paths |
8. Relationship to customer obligations
This page is intended to support customer legal and procurement review. Customers remain responsible for:
- assessing whether the listed subprocessors meet their own internal policy requirements;
- determining whether additional contractual controls are needed;
- configuring product use to minimize unnecessary personal data exposure;
- avoiding submission of sensitive data not required for service use.
9. Historical records and versioning
EthicPages maintains records of subprocessor list revisions for auditability and legal reference. The effective date and last-updated value identify the currently active version.
9.1 Record retention overview
| Record type | Retention approach |
|---|---|
| Active subprocessor list | Continuously maintained |
| Change notices | Retained according to legal and compliance needs |
| Objection correspondence | Retained with contract and compliance records |
10. Frequently reviewed procurement questions
10.1 Does EthicPages sell customer personal data?
No. EthicPages does not sell customer personal data.
10.2 Are subprocessors allowed to use customer data for their own unrelated purposes?
Subprocessors are engaged to provide services to EthicPages and are contractually restricted to authorized processing purposes.
10.3 Can customers receive notice before new subprocessors are added?
Yes. Material changes are notified with an objection process as described above.
10.4 Where can transfer safeguards be reviewed?
See Data Processing Agreement for transfer mechanisms and legal safeguards.
11. Contact for vendor and subprocessor inquiries
For due diligence requests, legal review packets, or subprocessor objections, contact:
- Email: ethicpages+contact@invictosoft.com
- Postal: EthicPages, Inc., 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
11.1 Inquiry routing table
| Inquiry type | Subject line recommendation |
|---|---|
| Subprocessor objection | "Subprocessor Objection" |
| Vendor diligence request | "Vendor Review Request" |
| Transfer mechanism request | "SCC / Transfer Mechanism Request" |
| Incident-related vendor concern | "Vendor Security Inquiry" |
Related documents: Data Processing Agreement · Privacy Policy · Terms of Service · Cookie Policy · Acceptable Use Policy