Trust Center · Sub-processors

Sub-processors.Every third party that touches customer data.

This page lists every third party that processes Innovexus customer data, the purpose of the processing, and the data scope. We update it within 30 days of adding or removing a sub-processor and notify customers under contract before a material change takes effect.

§ 01 / Active sub-processors

Sub-processor

Purpose

Data scope

Region

RunPod, Inc.

Primary compute and storage hosting (per-tenant Innovexus pods)

All customer data at rest and in transit during platform operation. Vault contents are encrypted with Innovexus-controlled keys; RunPod cannot access plaintext.

US-East / US-West / EU (per customer placement)

Amazon Web Services (AWS)

KMS, CloudHSM, CloudFront (PKI subsystem and OCSP/CRL distribution)

Encryption key material (custody only — keys do not leave HSM boundary). Public certificate metadata for OCSP/CRL.

us-east-1 primary; multi-region failover

Anthropic, PBC

Claude model API for AI Copilot reasoning

Conversation prompts submitted by users invoking AI features. Per Anthropic terms, prompts are not used for model training.

US (Anthropic-managed)

ElevenLabs, Inc.

Conversational AI agent for the Innovexus website chat ("Inno")

Visitor messages submitted to the Inno chat widget on the public website. No authenticated customer data flows through this path.

Stripe, Inc.

Payment processing for subscription billing

Billing identity, payment method tokens, transaction records. Innovexus does not store cardholder data; PCI scope is Stripe-isolated.

Supabase, Inc.

Authentication backend (managed Postgres + GoTrue)

User identity records (email, hashed credentials, SAML/OIDC linkages). No customer device data or session content stored here.

Cloudflare, Inc.

CDN, DDoS protection, DNS for innovexus.io

Public website traffic metadata. No authenticated customer data.

Global edge

Google LLC (GA4)

CUSTOMER-OPTIONAL

Public website analytics (innovexus.io marketing pages only)

Aggregated visitor analytics for the public marketing site. Not used for authenticated app pages or customer infrastructure.

US/EU per Google policy

Notification policy

Customers under an active subscription receive at least 30 days' advance notice of material sub-processor changes via the customer Slack channel and the billing-contact email on file. To subscribe to sub-processor change notifications without an active subscription, email [email protected].

For data-residency-sensitive engagements (HIPAA-scoped, EU-only data plane, or air-gapped deployments) we can scope a subset of these sub-processors out of the deployment. See /compliance for current data-residency posture or contact the trust mailbox for custom scoping.