DRAFT — NOT LEGAL ADVICE. This is a starting template that requires review by a qualified attorney before customer use.
DeckTrust Subprocessors
Effective Date: [EFFECTIVE DATE — e.g., 2026-05-15]
[LEGAL ENTITY NAME] ("DeckTrust") engages a small number of third-party service providers to operate the Service. Each subprocessor is contractually bound to confidentiality and security obligations consistent with our Privacy Policy. All current subprocessors are located in the United States and process data in U.S. regions. None of our current subprocessors process Customer Data outside the United States.
Requesting the Current Subprocessor List
DeckTrust maintains a current list of subprocessors used to operate the Service, including each vendor's role, the categories of data processed, region, certifications (e.g., SOC 2 Type II, ISO 27001), and a link to its Data Processing Agreement.
The current list is provided to Customers and prospective Customers under NDA on request. To request it, email privacy@decktrust.dev. We respond within 5 business days.
The same list is delivered as Exhibit D to every executed Master Services Agreement and is incorporated by reference into the Data Processing Agreement entered into with each Customer.
Notification of Changes
We may add, remove, or replace subprocessors. To stay informed:
- Notification list: email
subprocessors@decktrust.devto be added to our subprocessor-change notification list. We aim to provide notice of new subprocessors at least thirty (30) days before they begin processing Customer Data, where reasonably practicable. - Customers under DPA: receive notice in accordance with the timing set out in the Data Processing Agreement (which is firmer than the public commitment above).
If you object to a new subprocessor, contact privacy@decktrust.dev. We will work with you in good faith and, if no acceptable resolution is reached, you may have termination rights as described in your Customer Agreement.
Contact
[LEGAL ENTITY NAME]
Email: privacy@decktrust.dev