Legal
Sub-Processors
Last updated: March 21, 2026
EVA+ AI, Inc. (“EVA+”) uses the following third-party sub-processors to deliver the EVA+ platform. Each sub-processor is bound by a Data Processing Agreement (DPA) that meets the requirements of GDPR Article 28.
Enterprise customers may request a copy of our DPA by emailing privacy@evaplus.ai. We will notify customers of any material changes to this list at least 30 days before the change takes effect.
| Sub-Processor | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure, compute, storage (S3, RDS, Lambda, VPC) | United States (us-east-1 primary) |
| Stripe | Payment processing and billing | United States |
| PostHog | Product analytics and session recording | United States (self-hosted on AWS) |
| Sentry | Application error monitoring and performance tracking | United States |
| SendGrid (Twilio) | Transactional email delivery | United States |
| OpenAI | AI language model inference (EVA agent reasoning layer) | United States |
| Cloudflare | CDN, DDoS protection, and DNS | Global edge network |
Data Transfer Mechanisms
For sub-processors located outside the European Economic Area (EEA), EVA+ uses Standard Contractual Clauses (SCCs) as adopted by the European Commission to ensure adequate protection for international data transfers.
Contact
For questions about our sub-processors or to request a DPA:
Email: privacy@evaplus.ai