Sub-processors
Last updated: June 1, 2026
IsoDora engages the third-party service providers below to process personal data on our behalf in order to deliver our ISO compliance management platform. We maintain a Data Processing Agreement with each provider and rely on the transfer mechanism listed for any transfer of personal data outside the European Economic Area, in accordance with GDPR Article 28 and Article 13(1)(e)–(f).
| Sub-processor | Purpose | Location | Transfer mechanism |
|---|---|---|---|
| OpenAI, L.L.C. | AI inference and embeddings for compliance document analysis | United States | Standard Contractual Clauses (Commission Decision 2021/914) |
| Supabase, Inc. | Database, file storage, and authentication | European Union (eu-central-1, Frankfurt) | EU Data Processing Agreement (data held in the EU) |
| Vercel, Inc. | Serverless compute and content delivery (CDN) | United States (EU edge regions for delivery) | EU-US Data Privacy Framework |
| Stripe, Inc. | Subscription and payment processing | United States | EU-US Data Privacy Framework and Standard Contractual Clauses |
| Resend (Plus Five Five, Inc.) | Transactional email delivery | United States | Standard Contractual Clauses |
| Functional Software, Inc. (Sentry) | Application error tracking and monitoring | European Union where available, otherwise United States | Data Processing Agreement and Standard Contractual Clauses |
| LangChain, Inc. (LangSmith) | AI agent observability and tracingCurrently disabled in production. Will only be enabled following execution of a Data Processing Agreement and prior customer notification. | United States | Standard Contractual Clauses |
Changes to this list
We update this page whenever we add or replace a sub-processor. Customers with an active agreement are notified of any new sub-processor before it begins processing their personal data, as required by GDPR Article 28(2). To request advance notification of changes, contact us at the address below.
Contact
For questions about our sub-processors, our Data Processing Agreement, or to request the underlying transfer documentation, contact:
Email: privacy@isodora.se
Data Protection Officer: dpo@isodora.se
