Subprocessors
Third parties that process Customer data on Inventifornia's behalf.
Last updated: June 23, 2026
Change notification
Inventifornia will provide at least 30 days' advance written noticebefore engaging a new subprocessor that processes Customer Input Data, or before a material change to an existing subprocessor's role. Notice is provided by:
- Updating this page with a revised "Last updated" date
- Email to the Customer's account administrator (for paid accounts)
Customers may object to a new subprocessor on reasonable security grounds by contacting security@inventifornia.com within 14 days of notice. If the parties cannot resolve the objection, Customer may terminate the affected services without penalty.
Current subprocessors
| Subprocessor | Purpose | Location | Data processed |
|---|---|---|---|
| Cloudflare, Inc.SOC 2 Type II, ISO 27001 | Application hosting (Workers), database (D1), object storage (R2), cache (KV), WAF/DDoS, transactional email | United States; global edge network | All Customer Input Data, account data, audit logs, uploaded images |
| Stripe, Inc.PCI DSS Level 1, SOC 2 | Subscription billing and payment processing | United States | Billing contact, payment method (tokenized by Stripe — Inventifornia does not store full card numbers) |
| Google LLC (reCAPTCHA)Optional — when configuredSOC 2, ISO 27001 | Bot protection on login and registration (when enabled) | United States | IP address, browser signals, interaction metadata |
Subprocessor obligations
Inventifornia requires subprocessors to maintain appropriate technical and organizational security measures and to process data only on Inventifornia's documented instructions. Data processing terms are governed by the Data Processing Addendum.
Trust CenterTerms & ConditionsPrivacy PolicyCookie PolicyAcceptable Use PolicyOperational Data BoundaryData Processing Addendum