DeepXL Logo

Subprocessors List

Last Updated: February 13, 2025

Introduction

This document lists the third-party subprocessors that DeepXL uses to provide our Services. These subprocessors may process Personal Data submitted to our Services. We require each subprocessor to maintain appropriate security and privacy controls.

Updates and Notifications

We may update this list from time to time. Material changes will be announced:

  • 30 days in advance via email for existing customers
  • Through our status page at status.deepxl.ai
  • In our changelog at deepxl.ai/changelog

Infrastructure Subprocessors

Google Cloud Platform

  • Purpose: Core infrastructure and AI services
  • Data Location: US (East, West) and EU (Frankfurt, Dublin)
  • Security Certifications: ISO 27001, SOC 2 Type II, FedRAMP
  • Data Categories: Service data, analysis content
  • Website: cloud.google.com
  • DPA Available: Yes

Vercel

  • Purpose: Hosting and deployment infrastructure
  • Data Location: US and EU
  • Security Certifications: ISO 27001, SOC 2 Type II
  • Data Categories: API traffic, logs
  • Website: vercel.com
  • DPA Available: Yes

Cloudflare

  • Purpose: CDN and DDoS protection
  • Data Location: Global edge network
  • Security Certifications: ISO 27001, SOC 2 Type II, PCI DSS
  • Data Categories: Traffic metadata, IP addresses
  • Website: cloudflare.com
  • DPA Available: Yes

Authentication and User Management

Clerk

  • Purpose: Authentication and user management
  • Data Location: US and EU
  • Security Certifications: SOC 2 Type II
  • Data Categories: User credentials, authentication data
  • Website: clerk.com
  • DPA Available: Yes

Database and Storage

Google Cloud SQL (Postgres)

  • Purpose: Database hosting
  • Data Location: US (East, West) and EU (Frankfurt, Dublin)
  • Security Certifications: ISO 27001, SOC 2 Type II, FedRAMP
  • Data Categories: Service data, analysis results
  • Website: cloud.google.com/sql
  • DPA Available: Yes

Analytics and Monitoring

PostHog

  • Purpose: Product analytics and user behavior tracking
  • Data Location: EU (Frankfurt)
  • Security Certifications: ISO 27001, SOC 2 Type II
  • Data Categories: Usage data, feature analytics
  • Website: posthog.com
  • DPA Available: Yes

Communication Services

Resend

  • Purpose: Email delivery service
  • Data Location: US and EU
  • Security Certifications: SOC 2 Type II
  • Data Categories: Email addresses, email content
  • Website: resend.com
  • DPA Available: Yes

Development Tools

GitHub

  • Purpose: Code hosting and version control
  • Data Location: US
  • Security Certifications: SOC 2 Type II
  • Data Categories: Code, configuration files
  • Website: github.com
  • DPA Available: Yes

Subprocessor Requirements

All subprocessors must:

  1. Pass our security assessment
  2. Maintain required certifications
  3. Sign data processing agreements
  4. Support compliance requirements
  5. Enable audit rights

Data Processing Locations

  • Primary Processing: United States
  • Failover Processing: Based on service availability
  • Edge Services: Global points of presence for CDN and DDoS protection

Contact Information

For questions about our subprocessors:
Email: privacy@deepxl.ai
Address: 1007 Orange St, Wilmington, DE 19801