Legal document
Subprocessors
- Effective:
- May 7, 2026
- Issuer:
- MorPhoe Tech Inc
The third parties listed below may process Customer personal data on behalf of BizNerva. The full processing terms, including notification, objection, and termination rights, are set out in the Data Processing Agreement (DPA).
This page is the canonical, machine-readable list of BizNerva subprocessors. For full processing terms — including the 30-day change-notification period, Controller objection rights, security obligations imposed on each subprocessor, and audit rights — see the Sub-processors section of our Data Processing Agreement. By continuing to use the BizNerva platform after a change is published here, Controller is deemed to have notice of the change.
1Current Subprocessors
| Provider | Jurisdiction | Purpose | Certifications |
|---|---|---|---|
| Supabase Inc. | San Francisco, CA, USA | Database hosting (PostgreSQL), authentication, and file storage. | SOC 2 Type II |
| Vercel Inc. | San Francisco, CA, USA | Application hosting and content delivery. | SOC 2 Type II |
| Stripe Inc. | San Francisco, CA, USA | Payment processing for Customer subscriptions and invoices. | PCI DSS Level 1, SOC 2 Type II |
| Anthropic PBC | San Francisco, CA, USA | AI processing for compliance analysis, document review, content classification, and optional OCR of scanned uploads. Compliance content and conversation context are PII-redacted before transmission. Provider terms restrict use of API-submitted data for model training. | SOC 2 Type II |
| OpenAI, L.L.C. | San Francisco, CA, USA | Vector embeddings for relevance search across regulatory and organization content; fallback provider for job-posting analysis. Inputs are PII-redacted or stripped of personal identifiers before transmission. | SOC 2 Type II |
| Google LLC | Mountain View, CA, USA | Two purposes: (1) Fallback provider for pay-transparency job-posting analysis (processes job posting text only; no personal identifiers). (2) Google Workspace as the transactional and notification email transport (SMTP relay): processes recipient email addresses and message content (which may include user names, organization names, and action links) in transit. Email content is not used for advertising under Google Workspace terms. | SOC 2 Type II, ISO 27001 |
| Mercury Technologies, Inc. | San Francisco, CA, USA | Partner payment processing for ACH and wire transfers (revenue share disbursements). Processes partner financial data. | SOC 2 Type II |
| Cloudmersive, Inc. | Pleasanton, CA, USA | File security scanning for virus and malware detection. Stateless API — files are not stored or retained after the scanning transaction. | — |
| Inngest Inc. | San Francisco, CA, USA | Background job queue for transactional and notification email delivery. Processes email addresses and notification payloads in transit; no long-term storage of personal data. | SOC 2 Type II |
| Functional Software, Inc. (Sentry) | San Francisco, CA, USA | Application error monitoring. May capture limited diagnostic and error context; PII scrubbing applied before transmission. | SOC 2 Type II |
| Upstash, Inc. | San Francisco, CA, USA | Caching layer for derived, non-personal platform data. No raw personal data is stored in cache; TTL-based expiration applied. | SOC 2 Type II |
2Notification of changes
BizNerva will provide at least thirty (30) days' notice of any intended addition or replacement of a subprocessor by updating this page and emailing the Controller's registered email address. The Controller may object in writing within fourteen (14) days of receipt of such notice, as set out in Section 7 of the DPA.
3Questions or objections
For subprocessor-related questions or to exercise objection rights, contact privacy@biznerva.com.