Last updated: March 2025
CodeElevate uses a limited number of trusted subprocessors to provide the Service. This page lists the subprocessors currently engaged by CodeElevate that may process Customer Data, as defined in the Data Processing Addendum.
| Subprocessor | Purpose | Data processed | Location |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure — compute, storage, and networking | Repository metadata, analysis findings, account data | United States (primary); EU regions available on request |
| Upstash | Managed Redis — job queuing and ephemeral analysis state | Transient job identifiers and run state; no persistent source file data | United States / EU (region-configurable) |
| Resend | Transactional email delivery — account notifications and alerts | Email addresses and notification content | United States |
Each subprocessor listed above is engaged under a written agreement that imposes data protection obligations no less protective than those set out in the CodeElevate Data Processing Addendum. CodeElevate remains liable to customers for the acts and omissions of its subprocessors to the extent CodeElevate would be liable under the DPA.
Subprocessors are engaged solely to deliver the Service. Customer Data is not sold, shared for advertising purposes, or processed by subprocessors for any purpose unrelated to providing the Service to the Customer.
CodeElevate does not retain raw source files on subprocessor infrastructure beyond what is necessary to complete a given analysis run. Findings and metadata are stored in accordance with the Data Processing Addendum and the customer's account settings.
CodeElevate will provide at least thirty (30) days' prior notice before adding or replacing a subprocessor that will process Customer Data. Notice will be provided by updating this page and, where applicable, notifying account contacts by email.
Customers who have subscribed to subprocessor change notifications will receive direct email notification. To subscribe, contact contact@codeelevate.dev.
Customers may object to the engagement of a new subprocessor on reasonable data protection grounds by written notice to contact@codeelevate.dev within fourteen (14) days of receiving notification of the change. If the objection cannot be resolved, the customer may terminate the affected Services without penalty, as set out in the Data Processing Addendum. Objections that are not based on reasonable data protection grounds will not be accepted as grounds for penalty-free termination.
For questions about subprocessor arrangements, data flows, or to request information for procurement review, contact contact@codeelevate.dev.