Platform Policy

Subprocessors

Effective date: April 17, 2026
Last updated: April 17, 2026

Summary

Active subprocessors

Name	Purpose	Data categories	Processing location	DPA
Stripe	Payments, tax calculation, invoices, dunning, payment method management	Billing contact name; Billing email; Payment instrument (card, ACH, etc.); Transaction amount and currency; Tax identifier; IP address (fraud detection)	United States	Link
Cloudflare	DNS for the operator's domain, TLS certificate issuance via DNS-01	Operator DNS records	Global edge; primary United States	Link
Latitude.sh	Bare-metal server provisioning and lifecycle management	Server inventory; Operator contact on the Latitude.sh account	Operator-selected datacenter region	Link
Resend	Transactional outbound email delivery	Recipient email address; Message body and subject; Delivery metadata (bounces, complaints)	United States	Link

Change notification

Email to the administrators on each affected organization plus an entry on /policy/changelog.

Additions take effect 30 days after announcement. The customer may object on reasonable data-protection grounds within the notice window. An entry being removed from this page takes effect immediately; a subprocessor ceasing to process customer data on our behalf is not a change requiring notice.

Changes to this policy

Material changes take effect 30 days after they are announced by email to the administrators on each affected organization. The effective date at the top of this page is the date the current version took effect. Prior versions of all policies live at /policy/changelog, and every change is recorded there in commit-addressable form.

Policy identifier: subprocessors.

Contact

Questions and requests under this policy go to privacy@anveio.com. Security reports go to security@anveio.com and take precedence over routine policy correspondence. GDPR data-protection correspondence may be directed to dpo@anveio.com; abuse reports to abuse@anveio.com.