The complete list, with data classes and DPAs.
Garde1 uses a small number of vetted subprocessors to operate the platform. Each is U.S.-resident, each is under a written data-processing agreement, and each receives only the data classes documented below. This list is authoritative; the Privacy Policy and Customer Responsibility Matrix point here.
Current subprocessors
Amazon Web Services, Inc.
Primary hosting (us-east-2): ECS Fargate compute, Aurora PostgreSQL, S3 object storage, DynamoDB audit log, KMS, Secrets Manager, ALB, CloudFront, WAFv2, SES (transactional email), SQS (background queues).
| Data classes | All Customer Data, SPD, account metadata, audit logs, encrypted secrets. |
| Region | us-east-2 primary; us-east-1 for CloudFront / WAFv2 globals. |
| DPA | AWS Customer Agreement + GDPR Data Processing Addendum executed. |
Microsoft Corporation (Entra External ID)
OIDC identity provider for customer sign-in. SAML and SCIM federate into Entra; Garde1 itself speaks only OIDC.
| Data classes | User principals (email, display name, group memberships), authentication events, federation tokens. No business data. |
| Region | United States (Microsoft Azure). |
| DPA | Microsoft Online Services Data Protection Addendum (DPA) executed. |
Microsoft Corporation (Azure AI — OpenAI + Cohere Rerank)
LLM inference for policy prose generation, evidence evaluation, and the in-app assistant (Azure OpenAI). Retrieval relevance scoring before LLM evaluation (Cohere Rerank, hosted on Azure AI Foundry under the same Garde1 Azure tenancy). Zero-retention on both.
| Data classes | Control text, scope facts, evidence excerpts, questionnaire answers. See garde1.com/security/ai for the full list. |
| Region | United States (Azure, U.S. region). |
| DPA | Microsoft Online Services DPA + Azure OpenAI abuse-monitoring opt-out enabled. Prompts, completions, and rerank inputs are not retained; not used to train or fine-tune any model in the Azure AI catalog. |
Stripe, Inc.
Payment processing and subscription billing.
| Data classes | Billing email, subscription tier, invoice history, last-four card digits. Garde1 does not store full card numbers or CVCs. |
| Region | United States. |
| DPA | Stripe Services Agreement + DPA executed. |
Vercel, Inc.
Hosting for the public marketing site (garde1.com) and the status page (status.garde1.com).
| Data classes | Public content only. No Customer Data. Marketing-form submissions are forwarded directly to SES and not stored on Vercel. |
| Region | United States. |
| DPA | Vercel Customer Terms + DPA executed. |
What we don't use
For the record, Garde1's production stack does not include the following classes of subprocessor:
- Public LLM or rerank APIs (OpenAI public API, Anthropic public API, Cohere public API, etc.). All LLM inference and retrieval reranking runs on Azure under Garde1's Azure tenancy with the zero-retention add-on — Azure OpenAI for generation, Cohere Rerank on Azure AI Foundry for relevance scoring.
- Cross-site advertising / analytics inside the application. Marketing pages use Google Analytics (GA4) with IP anonymization; the application itself uses no ad pixels or marketing trackers.
- Foreign-operated infrastructure providers. No non-U.S. subprocessor receives Customer Data.
- Generic email-marketing platforms (Mailchimp, SendGrid public list, etc.). Transactional and notification email is sent via AWS SES in us-east-2 from a Garde1-verified identity.
How to receive change notices
Subprocessor changes are posted on this page at least 30 days in advance. To have change notices emailed to a compliance distribution list rather than the sign-in account, use the form below and enter the distribution address you'd like to subscribe.
Request a DPA copy or change notices
Use the form below to request a copy of any executed subprocessor DPA or to subscribe a distribution list to change notices.