CoreForge engages a small set of vetted third-party service providers ("sub-processors") to operate the Service. Each sub-processor is bound by a written data-protection agreement that imposes obligations no less protective than those we owe to you under our Privacy Policy and Data Processing Addendum.
This page is the public list maintained pursuant to Article 28(2) of the GDPR and the equivalent disclosures required by the CCPA and other U.S. state privacy laws.
1. Active sub-processors
| Sub-processor | Purpose | Data categories | Region | Transfer mechanism |
|---|---|---|---|---|
| MongoDB Atlas (MongoDB, Inc.) | Primary application database hosting. | Customer Data, account data, content. | United States | SCCs (EU SCCs 2021/914) + DPA |
| Cloudflare, Inc. | DNS, edge CDN, DDoS mitigation, bot management, Turnstile. | IP address, request headers, basic device data. | Global (US-headquartered) | SCCs + UK IDTA |
| Emergent Labs, Inc. | Application hosting and continuous delivery platform. | All Customer Data (in transit at deploy time + runtime logs). | United States | SCCs + DPA |
| Dropbox, Inc. | Encrypted off-site backup storage for tenant database snapshots. | Encrypted full database snapshots. | United States | SCCs + DPA |
| Mailgun Technologies, Inc. | Transactional email delivery (account, billing, alerts). | Email address, name, delivery metadata. | United States / European Union | SCCs + DPA |
| Telegram FZ-LLC | Operational alerting bot for the platform owner (no Customer Data). | Internal system telemetry, no end-user PII. | United Arab Emirates | Vendor T&Cs (no PII transferred) |
2. Change notice
We notify customers of any new sub-processor at least 30 days in advance via in-product banner or email, giving the customer the opportunity to object as set out in the Data Processing Addendum.
3. International data transfers
Where personal data flows from the EEA, UK or Switzerland to a country without an adequacy decision, we rely on the European Commission's 2021 Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, and where appropriate the Swiss FDPIC-approved clauses, supplemented by additional safeguards (encryption in transit and at rest, contractual obligations on sub-processors, transparency reports).
4. Subscribe to notifications
To be notified whenever we add or remove a sub-processor, email privacy@coreforgeapp.com with the subject "Subscribe to sub-processor notifications".
5. Contact
GreinchWW LLC (d/b/a CoreForge)
2106 House Ave STE 741, Cheyenne, WY 82001, United States
Email: privacy@coreforgeapp.com