Security · Sub-processors
The third parties that process your data.
A sub-processor is any third party that processes customer data on CoordOS's behalf. Our DPA commits us to (1) disclose every sub-processor here, (2) notify customers 30 days before adding new sub-processors or materially changing how an existing one is used, (3) bind each sub-processor to GDPR-equivalent terms, and (4) work with customers on alternatives if they reasonably object.
Cloud infrastructure
| Provider | Service | Region | Certifications |
|---|---|---|---|
| Google LLC | Google Cloud Platform: Cloud Run, Firestore, Cloud Storage, Secret Manager, Cloud KMS, BigQuery, Eventarc, Cloud Tasks, Document AI, Identity Platform, Cloud Build, Artifact Registry, VPC Service Controls, Memorystore Redis. All operational data: agent runtime state, sessions, audit logs, OAuth refresh tokens (encrypted with per-tenant CMEK), document text extractions, search index. Customer's own Drive + QBO data does not transit our GCP — it stays in their accounts. | us-central1 (Iowa, USA) for US tenants; northamerica-northeast1 (Montreal, Canada) for Canadian tenants. Region is per-tenant and stable. | SOC 2 Type II, SOC 3, ISO 27001/17/18, FedRAMP High, HIPAA-eligible |
| Cloudflare, Inc. | DNS, CDN, WAF, DDoS protection, Cloudflare Tunnel. All HTTP traffic transits Cloudflare's edge for TLS termination and DDoS protection. No customer data stored at Cloudflare. | Global edge; nearest POP routing | SOC 2 Type II, ISO 27001/18, PCI DSS Level 1 |
LLM / AI providers
Our agents call language models for reasoning. Prompts may include fragments of customer data (e.g., a bill's vendor name and amount). We require zero-retention configuration with each provider; prompts and completions are not used to train their models. Routing across providers is handled by our LiteLLM router with per-tenant policy.
| Provider | Region | Configuration | Certifications |
|---|---|---|---|
| Anthropic, PBC — Claude models | US (via Anthropic API or Google Vertex AI multi-region; Vertex is one routing option per-tenant, not the locked path) | Zero-retention via API enterprise tier (no training, no abuse logging beyond 30 days) | SOC 2 Type II |
| OpenAI OpCo, LLC — GPT-class models | US | Zero-retention via Enterprise API tier. Optional; some tenants may opt out. | SOC 2 Type II |
| Google LLC (Vertex AI Gemini) | Regional (configurable per call) | Zero-retention default per Vertex AI Generative AI data governance policy | Same as Google Cloud above |
Customer's own systems
Systems the customer connects via their own OAuth grant. Our role is operating within them, not storing data on their behalf. Listed for transparency.
| System | How we operate | What we read / write |
|---|---|---|
| Intuit Inc. (QuickBooks Online) | Customer authorizes our app via Intuit OAuth; access tokens minted by our Token Broker; reads via MCP Gateway; writes only via Write Service after KMS-signed approval | Read: customers, vendors, items, accounts, classes, projects, bills, invoices, purchases, reports. Write: bills, invoices, payments, journal entries created from agent drafts after the customer's explicit approval click. |
| Google LLC (Google Drive) | Customer authorizes our app via Google OAuth with drive.file scope; we operate inside the CoordOS/ folder they designate | Read: files + folder structure inside CoordOS root. Write: extraction sidecars, approval batches, learnings, daily check-in records, generated reports — always within CoordOS root. |
| Google LLC (Gmail — optional) | Customer authorizes gmail.readonly + gmail.send. Read invoice emails for triage; send reports + AR chase emails on customer's behalf after approval. | Read: messages matching invoice / payment patterns. Write: drafts (always) and sends (only after KMS-signed approval). |
Communications
| Provider | Service | Region | Certifications |
|---|---|---|---|
| Twilio Inc. | SMS + WhatsApp Business API (Cloud API). Inbound and outbound messages: crew daily check-ins, customer Q&A. Phone numbers, message content, delivery receipts. | US / EU edge based on customer location | SOC 2 Type II, ISO 27001, GDPR sub-processor (sub-sub: Meta for WhatsApp delivery) |
| Meta Platforms, Inc. (WhatsApp Business) | WhatsApp messaging delivery (downstream of Twilio) | Multi-region per WhatsApp Business API terms | ISO 27001 + 27018; WhatsApp Business API terms |
| SendGrid (Twilio Inc.) or Postmark — final choice TBD | Outbound transactional email (customer reports, AR chase, approval notifications). Sent from reports@coordos.ai by default; from customer's Gmail if they've connected Gmail OAuth. | US | SOC 2 Type II |
Billing
| Provider | Service | Notes |
|---|---|---|
| Stripe, Inc. | Customer billing: subscription state, payment methods (we do not see card numbers), invoices, taxes | SAQ-A scope. Stripe holds cardholder data; we hold only Stripe customer / subscription IDs. SOC 1 Type II + SOC 2 Type II + PCI DSS Level 1. |
Compliance & observability
| Provider | Service | Notes |
|---|---|---|
| Drata, Inc. | SOC 2 evidence collection + continuous compliance monitoring | Read-only access to our GCP IAM, GitHub, employee directory, security configurations. Does NOT access customer data. SOC 2 Type II. |
| Datadog, Inc. (optional; may run with Cloud Monitoring only at launch) | Application performance monitoring + log aggregation | Logs scrubbed of PII before shipping. Customer data does not appear in logs by design (token redaction in MCP Gateway, no raw bill content in pod logs). |
| OneTrust or Iubenda — final choice TBD | Cookie consent for the marketing site | Cookie preferences only; no customer business data |
Document processing
| Provider | Service | Notes |
|---|---|---|
| Google LLC (Document AI) | OCR + structured extraction from bill PDFs. Part of GCP above; called out for clarity. | Documents processed in-region and not retained by Document AI beyond the API call. |
What this list does NOT include
- Software libraries, npm/pip dependencies, base container images — not sub-processors in the data-processing sense.
- Email clients used by our employees for internal comms that don't touch customer data.
- Hardware vendors (we're cloud-only).
- Optional integrations that customers may enable but aren't on by default — we'll update if any become standard.
Notification commitments
- Adding a sub-processor with access to customer data: 30 days advance notice via email to tenant admin contacts + portal banner. Customer can object; we'll work on alternatives or accept a contract amendment.
- Removing a sub-processor: notification within 30 days after the change.
- Material change to how an existing sub-processor is used: 30 days advance notice.
- Region change: 30 days advance notice.
Verifying this list
- Each sub-processor's certification reports are linkable on this page (links added pre-launch).
- Customer security teams can request a SOC 2 / ISO 27001 attestation report covering the sub-processor relationships under our SOC 2 audit (post-Type II completion).
- Audit log: any operation that reaches a sub-processor is logged in the customer's BigQuery audit trail. Customers can export their own audit log via the Portal API.
Versioning
This page is versioned. Every change creates a new version with a public diff, retained for at least 7 years.
2026-05-07 — Initial publication. Single source of truth for v1 launch.
Contact
Sub-processor questions: privacy@coordos.ai