Sub-processor management
Reviving maintains a sub-processor review workflow and shares the latest named vendor list during diligence or contracting. This page explains the management model and the categories currently suitable for public publication.
How Reviving manages sub-processors
Sub-processors are evaluated based on the function they perform, the sensitivity of the data they may access, the contract posture, and the control environment required for the workflow.
Reviving does not publish named vendors on this page unless that inventory is approved for public release. Instead, it uses this page to explain the model and route validated diligence requests to the latest maintained list.
Publicly described categories
| Category | Typical purpose | Data profile | Review trigger | Public status |
|---|---|---|---|---|
| Infrastructure hosting | Production application hosting, storage, compute, and networking. | Application data, metadata, encrypted backups, and system telemetry. | Annual security review, major architecture change, or new region launch. | Named providers shared during diligence and contract review. |
| Observability and incident response | Application monitoring, logging, alert routing, and availability investigation. | Operational logs, system events, limited support context, and diagnostic traces. | Control review at onboarding and whenever log-retention or alerting scope changes. | Named providers shared during diligence and contract review. |
| Customer communication services | Transactional email, SMS, voice, and notification delivery used in approved workflows. | Contact data, message metadata, and delivery events as configured by the customer. | Channel expansion, new message type, or material routing change. | Named providers shared during diligence and contract review. |
| Support and ticketing | Customer support operations, issue triage, and implementation coordination. | Business contact details, support metadata, and troubleshooting context. | Quarterly access review plus review of data-handling scope for each tool. | Named providers shared during diligence and contract review. |
Change management and notifications
Material changes to the sub-processor footprint should follow internal review, contractual review where required, and customer notification commitments defined in the applicable agreement.
Customers with notification or objection rights should confirm the final process in the DPA or main agreement.
Use the contact page to request the latest maintained register so the trust team can share the right version for your diligence workflow.
Move your security review forward
Use the trust center to start document requests, understand our operating model, and route any privacy or security diligence questions to the right team.