Alsvior Global
Features01Pricing02Security03Alsvior Global04Sign in05
Start free

EMS Legal · 04 of 09

Sub-processors

This page lists the sub-processors we currently use to operate Alsvior EMS. It forms Annex III of our Data Processing Agreement. We update this page in advance of any change, and we give at least 30 days’ notice (by email to Workspace Owners) before adding or replacing a sub-processor that has access to Customer Personal Data.

Effective: 12 May 2026

1. Current sub-processors

Sub-processorLegal entityPurposeData categoryRegionTransfer mechanism
Microsoft AzureMicrosoft Ireland Operations LimitedApplication hosting, Azure SQL, identity (Entra ID), storageCustomer Data, Account Data, TelemetryEU (Ireland) — primary · UK / US for Premium residency requestsEU SCCs / UK IDTA · EU-US Data Privacy Framework
StripeStripe Payments Europe Ltd · Stripe, Inc.Subscription billing, payments, customer portalAccount Data (name, billing address, payment method)Ireland · United StatesEU SCCs / UK IDTA · EU-US DPF
AnthropicAnthropic, PBCClaude model inference for the AI AssistantAI prompts and completions (Customer Data sent only when a user invokes the Assistant)United StatesEU SCCs · zero-retention API tier · no model training on customer data
PostmarkWildbit, LLC (an ActiveCampaign company)Transactional email (invitations, magic-links, receipts)Account Data (email address, name)United StatesEU SCCs · EU-US DPF
CloudflareCloudflare, Inc. (EU: Cloudflare Germany GmbH)CDN, DDoS protection, DNS, WAFTechnical Data (IP, request metadata)Global edgeEU SCCs · EU-US DPF
Google WorkspaceGoogle Ireland LimitedSign-in (OAuth)Account Data (email, name)Ireland · United StatesEU SCCs · EU-US DPF
SentryFunctional Software, Inc.Error tracking and performance monitoringTelemetry, error context (scrubbed of Customer Data)United States · EU (Frankfurt) for EU tenantsEU SCCs · EU-US DPF
PlausiblePlausible Insights OÜPrivacy-first product analyticsAggregated usage (no cookies, no IPs stored)European Union (Germany)Intra-EU — no transfer mechanism required

2. About the data categories

  • Customer Data — the records you and your Users submit to the Service (engagements, timesheets, invoices, people).
  • Account Data — identifying information about Users and Workspace Owners (names, emails, billing address).
  • Telemetry — performance, error and security signals tagged with TenantId only, never with personal identifiers.
  • AI prompts and completions — only sent to AI sub-processors when a User invokes an AI feature, under the zero-retention and no-training terms described in our AI Notice.

3. How we notify changes

We will send the change notice to the email address of record for every Workspace Owner. The notice will include: the new sub-processor, its country, the data category it will process, the reason for the change, and the date the change takes effect. If Customer reasonably objects on data-protection grounds within 30 days, Customer may terminate the affected subscription without penalty under clause 6 of the DPA.

4. Auxiliary vendors

We also use auxiliary vendors that do not have access to Customer Personal Data (for example: Plausible for marketing-site analytics, documentation hosting, internal tooling). These are not listed as sub-processors because they do not process Customer Personal Data on our behalf inside the meaning of GDPR Article 28.

5. Contact

Questions about sub-processors should be sent to dpo@alsviorglobal.com.