Sub-processors

Atlas Logic uses the third parties below to deliver our service. Each is bound by a Data Processing Agreement that requires the same data-protection obligations we owe our customers. We review every sub-processor at least annually and on material change.

VerifiedLast updated: 2026-06-01

Name	Category	Purpose	Data processed	Location	Transfer mechanism	Certifications
Microsoft Azure	Infrastructure & Hosting	Primary cloud infrastructure, AI Foundry model hosting, Key Vault, Blob Storage, Log Analytics	· All customer data categories	USA (primary); EU available	SCCs / DPF	ISO 27001 SOC 2 Type II ISO 27017 ISO 27018
MongoDB Atlas (Azure Cosmos DB-compatible)	Database & Storage	Compliance database, audit logs, evidence metadata, user records, subscription data	· All structured data	USA	SCCs	ISO 27001 SOC 2 Type II PCI DSS
Anthropic (Claude API)	AI Processing	AI-powered compliance analysis, control recommendations, risk generation (via Azure AI Foundry proxy)	· Evidence excerpts · Control metadata · Anonymized prompts only	USA	DPA / SCCs	SOC 2 Type II ISO 27001 Customer Data is contractually prohibited from use in model training.
xAI (Grok API)	AI Processing	AI analysis alternative provider, evidence review, chatbot responses	· Evidence excerpts · Anonymized prompts	USA	DPA / SCCs	SOC 2 Type II EU/EEA Personal Data not routed via xAI until SCCs are executed; processed via Azure AI Foundry + Anthropic in the meantime.
Google OAuth 2.0	Authentication	Identity provider, SSO authentication	· Name · Email address · OAuth token	USA	SCCs / DPF	ISO 27001 SOC 2 Type II
Microsoft Entra ID	Authentication	Identity provider, SSO, MFA enforcement	· Name · Email address · MFA status · OAuth token	USA / EU	SCCs	ISO 27001 SOC 2 Type II
SendGrid (Twilio)	Email Delivery	Transactional email — invitations, breach notifications, subscription alerts	· Email address · Name	USA	SCCs	ISO 27001 SOC 2 Type II
Stripe	Payments	Payment processing, subscription billing, partner commission payouts	· Payment card data · Billing address	USA	SCCs	PCI DSS Level 1 SOC 2 Type II ISO 27001
GitHub	Code Integration	Code integration for evidence collection (Sentinel Enterprise plan)	· Repository metadata · Commit history · Code references	USA	SCCs	ISO 27001 SOC 2 Type II
AWS (optional)	Infrastructure & Hosting	Secondary infrastructure or customer-selected hosting region	· Customer data (if selected)	Customer-selected	SCCs	ISO 27001 SOC 2 Type II ISO 27017 ISO 27018 Activated only when a customer selects AWS as their hosting region.

How we monitor them

We track certification status and incident notifications for every sub-processor, and we re-verify their reports (SOC 2, ISO 27001) on renewal. Material changes flow through our internal change-management process before going into effect.

Request DPAs or reports

Customers under NDA can request signed Data Processing Agreements and the underlying attestation reports for any sub-processor listed above.

compliance@atlaslogic.io