Akamai (formerly Linode)
Cloud infrastructure
- Purpose
- Application hosting, compute, databases
- Region
- United States
- AI-related
- No
- Type
- Required
- Disabled
- No
- Notes
- Core platform infrastructure
Subprocessors
A subprocessor is a third-party service that processes customer data on CustomerNode's behalf. The matrix below identifies our current subprocessors, what they're used for, and whether their use can be disabled at the tenant level. Required providers are core to delivering the service; optional providers (notably AI) can be disabled per tenant.
Cloudflare
Edge / CDN
- Purpose
- DNS, TLS termination, DDoS protection, static asset delivery
- Region
- Global edge
- AI-related
- No
- Type
- Required
- Disabled
- No
- Notes
- Traffic is encrypted end-to-end
Wasabi Technologies
Off-site backups
- Purpose
- Off-site storage of database backups
- Region
- United States
- AI-related
- No
- Type
- Required
- Disabled
- No
- Notes
- Wasabi only ever receives encrypted copies of database backups
Mailgun
Transactional email
- Purpose
- Account, notification, and verification email
- Region
- United States
- AI-related
- No
- Type
- Required
- Disabled
- No
- Notes
- Email contents are operational
Stripe
Billing
- Purpose
- Subscription billing and payment processing
- Region
- United States
- AI-related
- No
- Type
- Required for paid plans
- Disabled
- No
- Notes
- PCI handled by Stripe; no card data on CustomerNode systems
OpenAI
Generative AI
- Purpose
- LLM inference for tenant-enabled AI features
- Region
- United States
- AI-related
- Yes
- Type
- Optional
- Disabled
- Yes — tenant-level
- Notes
- Configured such that customer data is not used to train shared foundation models
Anthropic
Generative AI
- Purpose
- LLM inference for tenant-enabled AI features
- Region
- United States
- AI-related
- Yes
- Type
- Optional
- Disabled
- Yes — tenant-level
- Notes
- Configured such that customer data is not used to train shared foundation models
Identity / SSO providers
Authentication
- Purpose
- OAuth-based sign-in (e.g. Google, Okta) when configured by the tenant
- Region
- United States
- AI-related
- No
- Type
- Optional
- Disabled
- Yes — tenant-level
- Notes
- Only engaged when SSO is enabled
This list reflects the providers currently in use to deliver the CustomerNode service. The list is reviewed on a regular cadence and updated when providers are added, replaced, or retired. A current detailed subprocessor list is available on request to existing customers under the terms of the Data Processing Addendum.
Required infrastructure providers
Required providers — cloud hosting, edge/CDN, transactional email, and billing — are necessary to operate the service. They cannot be disabled on a per-tenant basis without terminating the relevant aspect of the service.
Optional AI providers
AI subprocessors are clearly identified above with the "AI-related" column. AI features are opt-in and can be disabled at the tenant level by an administrator. When a tenant disables AI features, customer data from that tenant is not sent to any AI subprocessor.
Where AI subprocessors expose controls to prevent the use of submitted data for training shared or general-purpose foundation models, we configure those controls accordingly. Additional detail is in the AI Governance page and the GenAI Governance Policy.
Billing & operational providers
Billing and identity providers process limited categories of data necessary to perform their specific function (e.g. an email address for authentication, a billing identifier for subscription management). They do not receive general customer content stored in the platform.
Change notification process
CustomerNode provides reasonable prior notice — typically at least thirty (30) days, except where a shorter period is necessary to address an urgent security, legal, or operational need — before adding or replacing a subprocessor that processes customer data. Notice may be provided through the Trust Center, by email to tenant administrators, or through the application.
Customer objection process
Customers may object in writing to a proposed new subprocessor on reasonable, data-protection grounds within thirty (30) days of receiving notice. If the objection cannot be resolved through good-faith discussion or alternative measures, the customer may terminate the affected portion of the service as described in the DPA.
DATA RESIDENCY
Production data is currently stored in the United States. We do not currently offer contractually committed in-region data residency for the EU/EEA or other regions; data transferred outside the EEA relies on Standard Contractual Clauses and the other mechanisms described in the DPA.