Legal

Subprocessors

Last updated: April 19, 2026

A subprocessor is a third party that processes customer data on our behalf as part of delivering CeliaConnect. Because of our no-PII architecture, most subprocessors never see personal student information — even ones that appear elsewhere in the SaaS industry with broad data access.

This list is updated within 10 days of adding or removing any subprocessor. Enterprise customers receive advance notice of material changes and have the right to object to new subprocessors under standard DPA terms.

Cloudflare, Inc.

United States (with global edge locations)

In use

Purpose: Edge compute, per-Organization D1 databases, KV (secrets and config), R2 (cold storage), Analytics Engine, Vectorize, Durable Objects, Queues, Pages hosting, and Web Analytics.
Data categories: Anonymous Slate IDs, behavioral signals, tenant configuration, audit logs, encrypted credentials, website analytics (cookieless).

Anthropic, PBC

United States

In use

Purpose: Claude API — AI reasoning for risk scoring, outreach drafting, executive briefs, and natural-language analytics.
Data categories: Anonymous behavioral signals only. No names, emails, phone numbers, or other personal information are ever sent.

Stripe, Inc.

United States

In use

Purpose: Subscription billing, payment processing, invoicing, Customer Portal, and metered usage.
Data categories: Institutional billing contact name and email, payment method details (handled by Stripe, not stored by CeliaConnect), subscription metadata.

Twilio, Inc.

United States

Used only when feature enabled

Purpose: SMS delivery for AutoPilot and ChannelIQ (Growth tier and above).
Data categories: Message content and phone numbers. Twilio only sees messages when SMS channel is actively used and is assembled inside Slate with real contact details.

Postmark (ActiveCampaign, LLC)

United States

Planned

Purpose: Transactional email delivery — account notifications, password resets, approval queues, system alerts.
Data categories: Institutional user email addresses, message content. Never used for outreach to students.

Plaid, Inc.

United States

Planned

Purpose: Read-only bank balance and transaction sync for the internal accounting module. Never used for customer data.
Data categories: CeliaConnect's own bank account data only. Customer data is never shared with Plaid.

What CeliaConnect itself never processes

Because of our no-PII architecture, the following categories never reach any subprocessor regardless of the vendor’s capabilities: student names, email addresses, phone numbers, physical addresses, SSNs, dates of birth, health or disability information, financial account numbers, essay content, recommendation letter text, photos, and biometrics. These stay inside your Slate instance.

Read the full architectural details →

Notification of changes

We notify Enterprise customers in writing at least 30 days before engaging a new subprocessor that would process their data. This list is updated within 10 days of any change. Subscribe to updates at legal@celiaconnect.com.