Subprocessors
This list identifies service providers and customer-controlled integrations used to operate Verixos. Actual processing may vary by SaaS, enterprise, self-host, GovCloud, on-prem, or air-gapped deployment.
Stripe
Purpose: Payment processing, checkout, invoices, subscription status, customer billing identifiers.
Data: Billing contact data, plan metadata, payment status, invoice metadata, Stripe customer/subscription identifiers.
Resend
Purpose: Transactional email and product communications.
Data: Email address, name, organization context, message metadata, and email content required for delivery.
Sentry
Purpose: Error monitoring, diagnostics, reliability, and incident investigation.
Data: Error logs, stack traces, request context, browser/device metadata, and limited account/workspace context where configured.
Vercel
Purpose: Application hosting, edge delivery, deployment, and operational analytics where used for SaaS hosting.
Data: Request metadata, logs, IP address, user agent, routing metadata, and application traffic processed by the hosted service.
Neon
Purpose: Managed Postgres database where used for SaaS hosting.
Data: Account, organization, project, model, billing, audit, API, webhook, and workspace records stored in the application database.
Google Gemini API
Purpose: Optional AI advisor synthesis where external AI advisor features are enabled.
Data: Model summaries, simulation context, diagnostics, deterministic findings, and prompts needed to generate advisor output.
Customer Identity Provider
Purpose: SSO/SAML authentication when configured by an organization.
Data: Authentication assertions, email, name, group or domain attributes, session metadata, and identity-provider response metadata.
Customer Webhook Endpoint
Purpose: Customer-configured event delivery.
Data: Webhook payloads selected by the customer, delivery metadata, timestamps, response status, and signing-secret metadata.
Customer-Managed Infrastructure
Purpose: Self-host, GovCloud, on-prem, or air-gapped deployment infrastructure controlled by the customer.
Data: Data categories depend on the customer deployment and may include all application data processed in that environment.
Scope And Deployment Variants
This subprocessor list identifies service providers and customer-controlled integrations that may process information in connection with Verixos.
Enterprise, GovCloud, self-host, on-prem, or air-gapped customers may have a different subprocessor list controlled by their order form, DPA, security addendum, or deployment architecture.
Restricted And Self-Hosted Deployments
For restricted projects, external AI advisor synthesis is designed to be disabled. Customers should confirm that deployment settings and contract terms match their restricted-data obligations.
For self-host or air-gapped deployments, Verixos may not operate the infrastructure or have routine access to production data unless the customer requests support or a separate agreement provides for managed services.
Change Notice
Verixos may update this list as service providers, deployment models, integrations, or customer configurations change. Enterprise notice, objection, emergency replacement, region, and audit rights are governed by the applicable DPA or written agreement.