Sub-processors
Last updated: 1 May 2026 · Version 1.0
Cenaris engages a small number of third-party providers ("sub-processors") to deliver the Cenaris platform and to operate this website (cenaris.com.au), which are separate systems. This page lists every current sub-processor, what it does, which system it supports, where data is processed, and the safeguards in place.
1. Current sub-processors
The table below lists every sub-processor Cenaris currently engages, which system each one supports, and where data is processed. We will update this list as our arrangements change (see section 8).
| Sub-processor | System | Purpose | Location | Entity |
|---|---|---|---|---|
| Microsoft Azure | Cenaris platform | Cloud hosting, data storage, database services, and AI inference (Azure OpenAI Service) | Australia East (Sydney) | Microsoft Pty Ltd / Microsoft Corporation |
| Vercel | Website | Website hosting and serverless functions (forms, chat, admin) | United States (global CDN) | Vercel Inc. |
| Supabase | Website | Database storing website enquiries, AI chat conversations, and leads | United States | Supabase, Inc. |
| OpenAI | Website | Generates responses for the website's AI chat assistant | United States | OpenAI, L.L.C. |
| Resend | Website | Sends email notifications when a website enquiry or lead is captured | United States | Resend, Inc. |
| Upstash | Website | Rate-limiting / abuse-prevention counters for website forms and chat (no personal information stored) | United States | Upstash, Inc. |
| ntfy.sh | Website | Push notifications to Cenaris staff when a website enquiry is received | European Union | ntfy.sh |
| Cloudflare (Turnstile) | Website | Bot and spam detection on website forms and chat | Global (Cloudflare network) | Cloudflare, Inc. |
2. Microsoft Azure (Cenaris platform)
Cenaris uses Microsoft Azure to provide core infrastructure supporting the Cenaris platform — the product your organisation logs into to manage compliance — including:
- Secure cloud hosting of the application
- Data storage and database services
- AI inference services (via Azure OpenAI Service) to support platform functionality such as analysis, summarisation, and structured outputs
3. Website (cenaris.com.au) sub-processors
This marketing website is a separate system from the Cenaris platform and uses its own set of providers:
- Vercel hosts the website and its serverless API functions.
- Supabase stores enquiries submitted through website forms, AI chat conversations, and captured leads.
- OpenAI generates responses for the website's AI chat assistant directly via its public API — this is separate from the Azure OpenAI Service used within the Cenaris platform.
- Resend sends email notifications to Cenaris staff when a website enquiry or lead is captured.
- Upstash holds short-lived rate-limit counters used to prevent abuse of website forms and chat.
- ntfy.sh delivers push notifications to Cenaris staff devices for new website enquiries.
- Cloudflare Turnstile performs bot/spam checks on website forms and chat before submission.
4. Location of processing
Cenaris platform — Australia, Sydney region. Cenaris is configured to store and process Customer data within Microsoft Azure's Australian data centres (Sydney region) wherever possible.
Website — primarily United States. The website sub-processors listed in section 3 are based in the United States (except ntfy.sh, EU), meaning enquiry, lead, and chat-conversation data submitted through this website may be processed outside Australia. Each provider is used under its own standard data processing terms; we do not use website-submitted data to train third-party AI models.
5. Data handling and security
Microsoft Azure provides enterprise-grade security and compliance controls, including:
- Encryption of data in transit and at rest
- Role-based access controls and identity management
- Physical and network security aligned with global best practices
- Compliance with internationally recognised standards
Cenaris configures and manages its Azure environment to align with its own data protection, access control, and audit requirements. The website sub-processors in section 3 are selected for their own security practices (encryption in transit, access controls) and are only given the minimum data needed to perform their function.
6. AI processing
Cenaris platform. Where AI-enabled features are used within the platform:
- Processing is performed via Azure OpenAI Service within the Azure environment
- Customer data is not used to train public or third-party AI models
- AI outputs are generated within Cenaris-controlled workflows and subject to internal safeguards
Website. The AI chat assistant on cenaris.com.au calls OpenAI's public API directly (not via Azure). Messages you send the assistant, and any contact details you provide, are sent to OpenAI to generate a response and are not used by Cenaris to make legal, medical, or compliance determinations about you.
7. Contractual safeguards
Cenaris ensures that each sub-processor listed above is subject to data protection obligations materially equivalent to those set out in Cenaris' Terms and Privacy Policy, and is used under that provider's standard data processing agreement.
8. Changes & notice
If Cenaris engages a new sub-processor, or materially changes how an existing sub-processor is used, this page will be updated and the "Last updated" date at the top revised. Where required by contract, Customers will be notified directly in advance.
9. Contact
For questions about this page or any sub-processor arrangement:
Email: privacy@cenaris.com.au
Hours: Mon–Fri, 9am–5pm AEST
This page is unlisted and is shared on request. It is not linked from the public Cenaris website.