Sub-processors
Every provider that processes data on our behalf, their function, location, and certifications.
Last updated · May 13, 2026
What are sub-processors?
A sub-processor is any external provider that CauceOS LLC engages to process personal data on our behalf. We only contract sub-processors that offer sufficient guarantees of confidentiality, security, and legal compliance.
All sub-processors have:
- A signed Data Processing Agreement (DPA).
- Technical and organizational security measures equivalent to or stronger than ours.
- A prohibition on using your data to train their own AI models (for AI providers).
Current sub-processor list
Last updated: May 13, 2026 — Version 1.0
| Category | Function | Data location | Certifications |
|---|---|---|---|
| Cloud hosting (frontend and APIs) | Hosts the web app, public APIs, and CDN | US / EU (edge nodes) | SOC 2 Type II |
| Worker infrastructure (real-time) | Runs audio processing, alert engine, and live suggestions | US / EU | SOC 2 Type II |
| Speech-to-text transcription | Converts session audio to text via streaming | US | Signed DPA, no model training |
| Language models — live suggestions | Generates contextual questions and notes during the session | US | Signed DPA, no model training |
| Language models — post-session reports | Generates structured reports (SOAP, DAP, etc.) | US | Signed DPA, no model training |
| Virtual video bot | Joins Google Meet, Microsoft Teams, and Zoom sessions | US | SOC 2 Type II, signed DPA |
| File storage | Stores archived transcripts, PDF reports, and backups | US (multi-region) | AES-256 at rest, SOC 2 Type II |
| Primary payment provider | Processes subscriptions and recurring USD charges | US / global | PCI DSS Level 1, SOC 2 Type II |
| Secondary payment provider | Alternative payment processor | US / global | PCI DSS Level 1 |
| Transactional email | Sends payment confirmations, invoices, and notifications | US | SPF/DKIM/DMARC, SOC 2 Type II |
| Authentication and identity | Manages sign-in, MFA, and user sessions | US / EU | SOC 2 Type II, GDPR Data Region |
| Product analytics | Measures product usage with anonymized data (no session content) | EU (privacy-first) | GDPR-compliant, privacy by design |
| Error monitoring | Logs technical system errors | US | PII scrubbing before ingestion |
Changes to the sub-processor list
CauceOS may add, replace, or remove sub-processors. When we do:
- We will update this page with at least 14 days' notice for significant changes.
- We will email Business Plan users who have executed a specific DPA.
- Pro Plan users can subscribe to sub-processor change notifications from /app/settings/privacy.
Request a custom DPA
If your organization needs a customized Data Processing Agreement (for example, for GDPR Art. 28, CCPA, LGPD compliance, or internal auditors), write to us at legal@cauceos.com.
See also: Data Processing Agreement (DPA)
Contact
privacy@cauceos.com — For inquiries about sub-processors and data flows.
legal@cauceos.com — To request a custom DPA.