Subprocessors¶
Revzio uses a small set of third-party subprocessors to deliver the service. We maintain a current register of each, the data they handle, and their security/DPA status; new subprocessors are added only after a vendor risk review.
Verify before publishing
Confirm each subprocessor's current attestation (SOC 2 / ISO 27001) and DPA status against that provider's own trust page, and finalize the cloud-hosting row, before this page goes public. Markers below indicate entries to confirm.
| Subprocessor | Purpose | Data handled | Attestation | DPA |
|---|---|---|---|---|
| Supabase | Managed PostgreSQL database / hosting (primary data store) | Customer data (encrypted at rest) | SOC 2 [verify] |
[verify] |
Cloud hosting provider [confirm: AWS/...] |
Underlying infrastructure | Hosting | SOC 2 / ISO 27001 | via provider |
| OpenAI | LLM processing | Document/transaction text as needed for features | SOC 2 [verify] |
[verify] |
| Google (Gemini) | LLM processing (fallback) | As above | SOC 2 / ISO 27001 | [verify] |
| Authentication / workspace | User identity (name, email) | ISO 27001 / SOC 2 | [verify] |
|
| Stripe | Billing integration | Customer billing / invoice data | PCI-DSS / SOC 2 | [verify] |
| Zoho Books | ERP integration | Accounting records | SOC 2 [verify] |
[verify] |
| QuickBooks (Intuit) | ERP integration | Accounting records | SOC 2 [verify] |
[verify] |
| NetSuite (Oracle) | ERP integration | Accounting records | SOC 2 / ISO 27001 | [verify] |
| Oracle Fusion | ERP integration | Accounting records | SOC 2 / ISO 27001 | [verify] |
ERP, billing, and LLM subprocessors are used only where a customer has connected that integration or enabled the relevant feature.
Change notifications¶
We notify customers of material changes to our subprocessor list per the terms of our Data Processing Agreement. To request the current signed register, contact security@revzio.ai
.
Source of truth: internal Subprocessor Register (Doc 20). Effective 2026-06-11 · Next review 2027-06-11.