Subprocessors
Last updated: January 11, 2026
Version: 2026.01.11
1. Overview
Noxtica uses third-party service providers ("Subprocessors") to help deliver our Services. This page lists our current Subprocessors and describes how they process data on our behalf.
As a Noxtica customer, you authorize us to engage these Subprocessors for the purposes described below.
2. Current Subprocessors
2.1 Infrastructure and Hosting
| Subprocessor | Purpose | Data Processed | Location |
|---|---|---|---|
| Cloudflare, Inc. | Infrastructure, CDN, edge computing, DDoS protection | All service data including fingerprints, API requests, and user sessions | Global (edge locations worldwide) |
Cloudflare Services Used:
- Workers (serverless compute)
- D1 (database)
- KV (key-value storage)
- Pages (website hosting)
- CDN and caching
- Security services (WAF, Bot Management)
2.2 Fonts and Assets
| Subprocessor | Purpose | Data Processed | Location |
|---|---|---|---|
| Google LLC | Web fonts (Google Fonts) | IP address, user agent (standard HTTP request data) | Global |
Note: Google Fonts are loaded on our landing pages. No fingerprint or customer data is shared with Google.
3. Categories of Data Processed
Depending on the Subprocessor, the following categories of data may be processed:
3.1 Technical Infrastructure Data
- API requests and responses
- Fingerprint data and risk scores
- Session and authentication data
- Logs and audit trails
3.2 Account Data
- Email addresses
- Hashed passwords
- Role and permission information
3.3 Request Metadata
- IP addresses
- User agents
- Geographic location (derived from IP)
- Request timestamps
4. Security and Compliance
4.1 Subprocessor Requirements
We select Subprocessors that maintain appropriate security measures, including:
- Encryption in transit and at rest
- Access controls and authentication
- Security certifications (SOC 2, ISO 27001, or equivalent)
- Data protection agreements
4.2 Cloudflare Compliance
Cloudflare maintains the following certifications and compliance:
- SOC 2 Type II
- ISO 27001
- GDPR compliance (including SCCs)
- HIPAA (for eligible services)
- PCI DSS
For details, see Cloudflare's Trust Hub.
5. Data Transfers
5.1 International Transfers
Some Subprocessors may process data outside your jurisdiction. We ensure appropriate safeguards:
- Standard Contractual Clauses (SCCs) - Where required by GDPR
- Adequacy decisions - For transfers to countries with adequate protection
- Supplementary measures - Technical and organizational safeguards
5.2 Cloudflare Data Residency
Cloudflare's edge network is global. Data may be processed at edge locations near the requesting user. For specific data residency requirements, contact us.
6. Updates to Subprocessor List
6.1 Notification
We may update our Subprocessor list as our business needs evolve. For material changes:
- We will update this page with the new Subprocessor details
- For enterprise customers with DPAs, we will provide notice as specified in the agreement
6.2 Objections
If you have a legitimate objection to a new Subprocessor, please contact us promptly. We will work to address your concerns. If we cannot resolve the objection, you may terminate affected services.
7. Historical Changes
| Date | Change |
|---|---|
| January 11, 2026 | Initial publication |
8. Contact
For questions about our Subprocessors or data processing:
- Email: [email protected]
- Subject: Subprocessor Inquiry
For enterprise customers with Data Processing Agreements, please contact your account representative.
This Subprocessor list is effective as of the Last Updated date above.