360REV — Sub-processors
Effective 2026-05-11
This is the current list of sub-processors that 360REV engages to process customer personal data. We'll notify customers of material changes via in-app banner + email at least 30 days before adding a new sub-processor.
| Sub-processor | Purpose | Location |
|---|---|---|
| Neon | Postgres database hosting | us-east-2, ap-southeast-1 |
| Cloudflare R2 | Subscriber file storage | global edge |
| Google Cloud (GCP) | Compute (revtech360 VM, us-central1) | us-central1 |
| Stripe | Payment processing + subscription billing | US/EU |
| Brevo | Transactional email + subscriber-managed sending | EU |
| Twilio | Voice + SMS carrier (default; subscribers may BYOT) | US/EU/global |
| Groq | LLM inference (platform-managed) | US |
| Keycloak (self-hosted) | Identity + authentication | us-central1 (with 360REV) |
How we govern sub-processors
- Every sub-processor is bound by a written agreement that includes GDPR-compliant data protection obligations
- We conduct a vendor risk assessment before onboarding
- We monitor sub-processor compliance annually
- EU/UK transfers use SCCs (Standard Contractual Clauses) per the DPA at /legal/dpa-template
Object to a sub-processor
If you have a reasonable objection to a new sub-processor, contact privacy@360rev.com within 30 days of notice. We'll work with you on alternatives.
List last reviewed 2026-05-11. This page is the canonical source.