01About this list
To deliver, secure, and support its Products, EvlarSoft LLC relies on a small, carefully chosen set of third-party providers (“subprocessors”) that may process personal data on our behalf. This page identifies the categories of subprocessors we use and what each one handles. It applies across all of our Products — the Verve family, DigestYourFinances, and our applications.
We keep this list deliberately short. We conduct diligence appropriate to the risk before engaging a subprocessor, and we bind each one by written contract to data-protection obligations no less protective than those in our Data Processing Addendum. We remain responsible to our customers for the performance of our subprocessors.
02Current subprocessors
The following categories of subprocessors are currently engaged. Specific providers within each category may change as we improve reliability, security, and performance.
| Provider role | Purpose | Data handled | Region |
|---|---|---|---|
| Cloud hosting & compute | Runs the backend, APIs, databases, and application infrastructure | Account data, request content, usage logs | United States |
| Edge network & CDN | Delivers and caches static content, routes and gates traffic, mitigates attacks | IP addresses, request metadata | Global edge |
| Payment processor | Processes subscription and usage-based billing | Billing contact, limited payment details | United States |
| Transactional email | Sends account, verification, and service messages | Name, email address | United States |
| Product analytics & error monitoring | Measures usage and captures diagnostics to improve reliability and performance | Usage events, device/browser data, error traces | United States |
| Customer support tooling | Manages and responds to support and contact requests | Name, email, contents of your request | United States |
03Safeguards and international transfers
Each subprocessor is engaged under a written agreement that requires it to implement appropriate technical and organizational security measures, to process personal data only for the purpose of providing its service to us, and to protect personal data consistent with Applicable Data Protection Law. Where a subprocessor processes personal data in a country that requires a transfer safeguard, we rely on an appropriate mechanism such as the Standard Contractual Clauses or an equivalent protection, as described in our Privacy Policy and Data Processing Addendum.
04Changes and notice
We update this page when we add, remove, or replace a subprocessor. Customers with a signed DPA who have subscribed to notifications will receive advance notice of material changes and may object on reasonable, data-protection-related grounds in accordance with the DPA. To subscribe to subprocessor notifications or to raise an objection, please contact EvlarSoft. The effective date above reflects the current version of this list.
Questions about this document, or about which EvlarSoft entity you're dealing with?
Contact EvlarSoft →