Subprocessors
Last updated: July 30, 2025
ZPL.ai defines customer data as all data provided by the customer to ZPL.ai through their use of ZPL.ai services. Some customer data is personal data as defined under GDPR.
The ZPL.ai Subprocessor List identifies subprocessors authorized to subprocess customer or personal data on behalf of ZPL.ai to provide services to our customers. This list is applicable for all ZPL.ai services governed by the ZPL.ai Data Protection Agreement.
ZPL.ai publishes the names of any new subprocessors for its online services at least 14 days in advance of the subprocessor’s authorization to perform services that may involve access to customer data or personal data.
If you have questions about this list, please contact us at legal@ZPL.ai
Current Subprocessors
| Subprocessor | Purpose / Services | Types of Data Processed | Typical Processing Locations | Notes |
|---|---|---|---|---|
| DigitalOcean, LLC | Application hosting, compute, storage, backups | Account metadata, application logs, Customer Data stored/processed by the app | US, EU (region depends on deployment) | Infrastructure provider |
| Microsoft Azure | Application hosting, database/storage services, backups | Account metadata, application logs, Customer Data stored/processed by the app | US, EU (region depends on deployment) | Infrastructure provider |
| Amazon Web Services, Inc. (AWS) | Application hosting, storage, CDN (if configured), backups | Account metadata, application logs, Customer Data stored/processed by the app | US, EU (region depends on deployment) | Infrastructure provider |
| Google Cloud Platform (Google LLC) | Application hosting, storage, machine resources | Account metadata, application logs, Customer Data stored/processed by the app | US, EU (region depends on deployment) | Infrastructure provider |
| Cloudflare, Inc. | Content delivery network (CDN), DDoS/WAF, edge caching, DNS | IP addresses, request headers, limited log data, cached content | Global edge network | Security and performance; processes traffic metadata |
| OpenAI, L.L.C. | AI inference for optional features (assistant, analysis, suggestions) | User prompts/outputs sent by the customer or app to AI features; related usage metadata | US/EU (provider region; may vary by feature) | Only for AI-enabled features; customers control whether data is sent |
| Stripe, Inc. | Payment processing, billing, invoicing | Name, email, billing address, payment method tokens, transaction details | US, EU (as needed for processing) | PCI DSS Level 1 processor; we do not store raw card numbers |
