Effective Date: May 15, 2026 · Last Updated: May 15, 2026
| Subprocessor | Role | Entity / location |
|---|---|---|
| Cloudflare, Inc. | Cloud infrastructure, edge compute, storage (D1, R2, KV), bot mitigation (Turnstile), hosted AI inference (Workers AI, AI Gateway), DNS, CDN, security | United States; global edge network |
| Subprocessor | Role | Entity / location |
|---|---|---|
| Stripe, Inc. | Subscription billing, payment processing, customer portal, Stripe Connect (where used). Cardholder data is handled directly by Stripe; CapchaCloud does not store card numbers or banking details. | United States |
Engaged only when the Customer enables that sign-in method and only when an End User chooses to use it.
| Subprocessor | Role | Entity / location |
|---|---|---|
| Google LLC | Sign in with Google (OAuth) | United States |
| Apple Inc. | Sign in with Apple (OAuth) | United States |
| Microsoft Corporation | Sign in with Microsoft (OAuth) | United States |
| GitHub, Inc. | Sign in with GitHub (OAuth) | United States |
| Meta Platforms, Inc. | Sign in with Facebook (OAuth) | United States |
| LinkedIn Corporation | Sign in with LinkedIn (OAuth) | United States |
| Subprocessor | Role | Entity / location |
|---|---|---|
| Resend / SendGrid / equivalent ESP (as configured per environment) | Transactional and operational email delivery (service notices, security alerts, billing notifications, support responses) | United States |
None as of the Last Updated date.
CapchaCloud will provide at least 15 days’ advance notice of new Subprocessors that Process Customer Personal Data, via the dashboard and (where applicable) by email to support@serviceautomations.ai. Customers may object on reasonable Data Protection grounds; see DPA §7.4 for the objection and termination remedy.
Customers who want to be notified of Subprocessor changes can email support@serviceautomations.ai with the subject line “Subprocessor Notifications.”
End of Subprocessors Policy.