Legal

Subprocessors

Last updated: July 2026

Third-party vendors that process personal data on behalf of Cerbi.

This page lists the third-party sub-processors that Cerbi engages to process personal data in connection with operating cerbi.io and delivering the CerbiShield and CerbiStream products.

Important distinction: CerbiShield deploys inside your own Azure tenant. Azure services within your tenant are your processors, not Cerbi's. Cerbi does not receive your application log data. The Azure services listed in the second table below are included for completeness, so your security team can account for the full data flow within the product.

We review and update this list when we add or remove subprocessors. Customers with a signed DPA are entitled to 30 days' prior notice of material changes to this list. To request notification, email privacy@cerbi.io.

cerbi.io website and support services

These subprocessors are used to operate cerbi.io and Cerbi support.

Vercel

Vercel Inc.United States

Purpose: Web hosting and CDN infrastructure for cerbi.io. Serves the website and processes standard server access logs.

Data types: Server access logs (IP address, user agent, request path, response codes)

Privacy policy

Google Analytics (GA4)

Google LLCUnited States (EU data center option available via data residency controls)

Purpose: Website usage analytics. Loaded only after explicit analytics cookie consent.

Data types: Pseudonymous usage data: pages visited, session duration, referral source, approximate location (country/region). No personally identifiable information is deliberately collected.

Privacy policy

Microsoft Clarity

Microsoft CorporationUnited States

Purpose: Session replay and heatmap analytics. Loaded only after explicit product analytics cookie consent.

Data types: Session recordings, click heatmaps, scroll depth. Microsoft Clarity automatically masks text inputs and password fields.

Privacy policy

Resend

Resend Inc.United States

Purpose: Transactional email delivery for contact form submissions and support responses.

Data types: Name, email address, and message content from contact form submissions.

Privacy policy

GitHub

GitHub Inc. (Microsoft)United States

Purpose: Source code repository, issue tracking, and CI/CD pipelines for Cerbi products.

Data types: Contributor email addresses, code commit metadata. No customer personal data is stored in GitHub.

Privacy policy

Convai

Convai Technologies Inc.United States

Purpose: AI chat assistant widget embedded on cerbi.io for answering product questions.

Data types: Chat messages entered by website visitors. No account or persistent identity is required.

Privacy policy

Azure services within customer tenants

When you deploy CerbiShield into your Azure subscription, the following Azure services are used within your tenant. These are your processors, operating under your Azure subscription agreement and your DPA with Microsoft. They are listed here for transparency.

Azure Cosmos DB / SQL

Governance metadata, policy definitions, and violation records storage within the customer tenant.

Azure Blob Storage

Log artifact and governance evidence storage within the customer tenant.

Azure Key Vault

Encryption key management for customer-managed keys within the customer tenant.

Azure Active Directory

Identity and access management for CerbiShield RBAC.

Azure Monitor / Application Insights

Optional operational monitoring for the CerbiShield control plane. Customer-controlled and tenant-scoped.

Microsoft Azure's privacy and DPA documentation: Microsoft Trust Center

Related documents

[ cerbi ] · Start now

One NuGet package. No pipeline changes. Policy-as-code governance that runs in-process before sensitive data ever reaches Splunk, Datadog, or Azure Monitor.

14-day free trial/No credit card/Works with Serilog · NLog · MEL
Subprocessors | Cerbi