To deliver our website we rely on the providers below. Each acts as a subprocessor, handling data only as needed to perform its function and under its own security and privacy commitments.
| Provider | Purpose | Data processed | Location |
|---|---|---|---|
| Google Cloud Platform (Google LLC) |
Cloud hosting & infrastructure | All site content at rest; server & access logs (including IP addresses) | United States |
| Postmark (ActiveCampaign) |
Transactional email delivery (contact-form notifications) | Name, email address, and message content submitted via the contact form | United States |
| Google Fonts (Google LLC) |
Delivery of web fonts to the visitor's browser | IP address (inherent to any request for the font files) | United States / global CDN |
Not third parties
Our website analytics are self-hosted and cookieless — usage data is not shared with a third-party analytics provider.
Client engagements
The list above covers cia.dev itself. Individual client projects may use additional subprocessors specific to that engagement (for example, a payment processor, an authentication provider, or an email/SMS service chosen for the project). Those are disclosed and governed within the relevant engagement and Data Processing Addendum.
Changes
We update this page when our subprocessors change. Clients under an active DPA may request to be notified of material changes — email security@cia.dev.