Subprocessor review before production rollout.

Review vendor categories, data roles, integration boundaries, and notification expectations before legal approval.

The final named vendor list should be confirmed in the customer packet after the rollout scope and integrations are known.

Named register

Named and conditional subprocessors buyers can review.

This public register separates core services from customer-specific or conditionally configured vendors.

Configured when messaging credentials are enabled

HexaVox

Email delivery for website leads, demo requests, customer proof invitations, and internal notifications.

Category
Messaging and communication
Data
Contact details, request context, consent records, and message metadata.
Region
Customer-specific configuration
Conditional

Resend

Fallback email delivery when configured for website lead or proof workflows.

Category
Messaging and communication
Data
Contact details, message content, and delivery metadata.
Region
Provider-managed
Core service

HexaFit Platform / HQ

Business signup routing, account discovery, customer proof administration, and customer workflow handoff.

Category
Core platform services
Data
Business application details, account routing metadata, proof workflow records, and operating context.
Region
Environment-specific
Scoped per rollout

HexaPay

Payment workflow orchestration, merchant handoff, and payment-readiness review.

Category
Payment operations
Data
Merchant application details, business entity information, settlement context, and payment workflow metadata.
Region
Customer-specific configuration
Scoped per legal entity

Payzli

Merchant underwriting, payment processing, settlement, funding, statements, and chargeback workflows.

Category
Merchant processing
Data
Merchant legal entity, owner, banking, underwriting, transaction, funding, and chargeback records.
Region
Customer-specific configuration
Conditional

Cloudflare Turnstile

Human verification and abuse prevention for public signup flows when enabled.

Category
Security and abuse prevention
Data
Challenge token, request metadata, and verification result.
Region
Provider-managed
Configured for public web operations

Cloudflare

DNS, edge routing, TLS, and traffic protection where configured for public web properties.

Category
DNS, edge, and security
Data
Request metadata, DNS records, TLS metadata, and security telemetry.
Region
Provider-managed
Configured for infrastructure operations

Hetzner Cloud

Infrastructure provisioning and hosting operations where configured for deployment environments.

Category
Infrastructure
Data
Infrastructure metadata, server/network configuration, logs, and deployment operations metadata.
Region
Environment-specific

Review process

How subprocessor approval works.

Simple enough for operators, specific enough for procurement.

01Map

Identify each vendor category used by the customer's rollout.

02Classify

Document data role, data type, region, retention, and integration boundary.

03Approve

Confirm procurement, legal, and customer notification requirements.

04Review

Re-check vendors annually or when a material vendor changes.