Subprocessors
Categories of third-party providers that may process personal data in connection with CAPA Resolve services.
Last updated: April 2026
Overview
Like all modern web services, CAPA Resolve relies on a small number of third-party providers to deliver infrastructure, communications, and operational capabilities. These providers may process personal data on our behalf. We engage providers carefully, require them to handle data in accordance with applicable law and our instructions, and put appropriate contractual protections in place.
We do not sell personal data to subprocessors or permit them to use it for their own purposes.
Provider categories
| Category | Purpose | Data types (general) | Processing regions |
|---|---|---|---|
| Website hosting & CDN | Serving the public website, edge delivery, DDoS protection, and security filtering | IP addresses, request logs, page visit data | Global edge network |
| Cloud infrastructure | Hosting platform services, databases, storage, and compute environments | User account data, case data, uploaded documents | US / EU / other regions (confirmed per deployment) |
| Email & communications | Transactional email, account notifications, and support communications | Email addresses, message metadata and content | US / EU (varies by provider) |
| Identity & authentication | User login, session management, and access control | Email addresses, authentication tokens, session identifiers | US / EU (varies by provider) |
| AI model providers | Powering case-analysis, structuring assistance, and related platform features | Case content and user-submitted text processed per request; governed by provider data handling terms | US / EU (varies by provider) |
| Payment processing | Processing payments for platform access or services (where applicable) | Billing details; payment card data processed directly by payment provider and not stored by CAPA | US / EU (varies by provider) |
| Monitoring & error tracking | Application performance monitoring, uptime checks, and error logging | Technical logs, error traces, partial request data (no full user content) | US / EU (varies by provider) |
| Analytics | Aggregated, privacy-respecting usage analytics (if and when deployed) | Anonymised or pseudonymised interaction data; no cross-site tracking | TBD — will be disclosed before deployment |
Named providers
We will publish a named provider list here as the production platform is configured and providers are confirmed. We believe transparency requires accuracy, and listing names prematurely is more likely to mislead than to inform.
Organisations with enterprise, contractual, or security review requirements for a full named subprocessor list should contact legal@caparesolve.com.
Updates
This page will be updated as the platform develops and as providers are added, changed, or removed. Parties operating under executed Data Processing Agreements may have specific notification rights regarding subprocessor changes — please refer to your agreement for details.