Sub-Processors Guidelines
Last Updated:
Introduction
43D Corporation is committed to transparency regarding our use of third-party service providers (“sub-processors”) that may process Customer Data on our behalf. This document outlines our guidelines for selecting, managing, and overseeing sub-processors to ensure the security and privacy of your data.
What is a Sub-Processor?
A sub-processor is a third-party service provider that 43D Corporation engages to process Customer Data on our behalf. These service providers help us deliver our services and may have access to Customer Data in the course of providing these services.
Our Commitments
43D Corporation commits to:
- Maintaining an up-to-date list of all sub-processors with access to Customer Data
- Ensuring all sub-processors maintain appropriate security measures consistent with our own security standards and contractual obligations
- Requiring sub-processors to comply with applicable data protection laws and regulations
- Conducting thorough security and privacy assessments before engaging new sub-processors
- Regularly reviewing sub-processor practices and compliance
Sub-Processor Management
Selection Process
When selecting new sub-processors, 43D Corporation conducts a comprehensive evaluation that includes:
- Security and compliance certifications (e.g., SOC 2, ISO 27001)
- Data protection practices and policies
- Technical and organizational security measures
- Reputation and industry standing
- Geographic location of data processing
Contractual Requirements
43D Corporation requires all sub-processors to:
- Process data only according to our documented instructions
- Implement appropriate technical and organizational security measures
- Ensure confidentiality commitments from personnel with access to Customer Data
- Delete or return all Customer Data upon termination of services
- Submit to security assessments and audits
- Provide prompt notification of any security incidents
Change Management
43D Corporation will notify customers of any changes to our sub-processor list according to the terms of our customer agreements. Enterprise customers may have additional notification rights as specified in their service agreements.
Current Sub-Processors
As of February 2025, 43D Corporation engages the following sub-processors:
| Sub-Processor | Purpose | Data Processing Location | Security Certifications |
|---|---|---|---|
| Vercel, Inc. | Application hosting and infrastructure services | United States and global edge locations | SOC 2 Type 2, ISO 27001 |
| Neon, Inc. | Database hosting and management | United States | SOC 2 Type 2 |
| Clerk, Inc. | Authentication and user identity management | United States | SOC 2 Type 2 |
| Posthog, Inc. | Product and web analytics | United States | SOC 2 Type 2 |
Monitoring and Compliance
43D Corporation maintains an ongoing sub-processor management program that includes:
- Annual security reassessments
- Regular review of compliance certifications
- Monitoring of service level commitments
- Evaluation of security incident response capabilities
Customer Controls
Enterprise customers with specific compliance requirements may contact us to discuss:
- Custom data residency requirements
- Additional contractual protections
- Enhanced security measures
- Custom notification procedures for sub-processor changes
Updates to this Document
43D Corporation will update this document as we engage new sub-processors or make changes to our existing relationships. The most current version will always be available at this URL.
Contact Information
If you have questions about our sub-processors or would like more information about our data processing activities, please contact:
43D Corporation
395 S Gordon Way
Los Altos, CA 94022
Email: privacy@waystation.ai