Sub-processors
Last updated: September 20, 2025
Izee ("we", "us", "our") engages certain third parties to help us deliver, secure, and support the Services. These third parties ("Sub-processors") may process Customer Data on our behalf as described below. Capitalized terms not defined here have the meanings in our Data Processing Addendum ("DPA").
We contractually require every Sub-processor to implement appropriate confidentiality, security, and privacy protections at least as protective as those in our DPA, including international transfer safeguards (e.g., EU Standard Contractual Clauses (SCCs) and the UK Addendum, and—where applicable—participation in the EU-U.S./UK-U.S. Data Privacy Framework).
If we add or replace a Sub-processor, we will (a) post the change here at least 30 days in advance and (b) notify account owners by email.
How we vet and oversee Sub-processors
- Due diligence on security, privacy, compliance, and sub-subprocessor use before engagement
- Written contracts with confidentiality, purpose limitation, and flow-down obligations
- Transfer mechanisms (SCCs Module 3 + UK Addendum, where applicable)
- Least privilege access and data minimization
- Ongoing monitoring and periodic reassessment
Current Sub-processors
Processing locations reflect the vendor's primary facilities for our configuration. Where Customer Data originates from the EEA/UK and is transferred to the U.S., we rely on SCCs + UK Addendum (and DPF where applicable).
| Vendor | Purpose | Processing Location(s) |
|---|---|---|
| Vercel, Inc. | Application hosting, serverless compute, edge/CDN | United States (Global Edge) |
| Supabase, Inc. | Managed Postgres database, auth | United States |
| Fly.io, Inc. | Background workers/queues | United States |
| OpenAI, L.L.C. | LLM inference | United States |
| Voyage AI, Inc. | Embeddings/LLM services | United States |
| Twilio Inc. | SMS/voice notifications (optional) | United States |
| Twilio SendGrid, Inc. | Transactional email | United States |
| Stripe, Inc. | Billing and payments | United States |
Not a Sub-processor: Next.js is a software framework used to build our application and does not independently process Customer Data.
Feature-dependent integrations
Some processing occurs only if you enable an integration (e.g., pushing leads to your CRM). In those cases, the third party typically acts as your independent controller or processor under its terms.
Processing locations & international transfers
We primarily process Customer Data in the United States. Where data is transferred from the EEA/UK to the U.S., we rely on SCCs (Module 3) and the UK Addendum (and, where a vendor participates, the EU-U.S./UK-U.S. Data Privacy Framework).
Advance notice & right to object
- Notice: We will update this page and email account owners ≥30 days before adding or replacing a Sub-processor.
- Objection: If you have reasonable grounds to object, email izee@izee.ai within 15 days of notice.
- Subscribe to updates: Email izee@izee.ai with subject "Subscribe to Sub-processor Updates."
Contact: izee@izee.ai