Subprocessor List

Last Updated: December 2, 2025

1. Overview

LAVT Supply engages certain third-party service providers ("Subprocessors") to assist in providing the AV Management Suite platform. This page lists all Subprocessors that may process customer data.

As outlined in our Data Processing Agreement (DPA), we provide 30 days' advance notice before engaging new Subprocessors that will process personal data.

2. Infrastructure and Hosting Subprocessors

Vercel Inc.

  • Service Provided: Frontend hosting and edge network
  • Data Processed: Application code, static assets, user requests
  • Data Location: United States (with global edge caching)
  • Security & Compliance: SOC 2 Type II, GDPR compliant
  • Website: vercel.com

Amazon Web Services (AWS)

  • Service Provided: Database hosting, file storage, compute infrastructure
  • Data Processed: All customer data (projects, users, documents, etc.)
  • Data Location: United States (primary), with regional options available
  • Security & Compliance: SOC 1/2/3, ISO 27001, PCI DSS, GDPR compliant
  • Website: aws.amazon.com

Vercel Postgres (Neon)

  • Service Provided: PostgreSQL database hosting
  • Data Processed: All structured customer data
  • Data Location: United States
  • Security & Compliance: SOC 2 Type II, GDPR compliant
  • Website: neon.tech

Vercel Blob Storage

  • Service Provided: File and document storage
  • Data Processed: Uploaded files, documents, images, attachments
  • Data Location: United States
  • Security & Compliance: Encryption at rest and in transit, GDPR compliant
  • Website: vercel.com/storage/blob

3. Payment Processing Subprocessors

Stripe, Inc.

  • Service Provided: Payment processing, subscription billing
  • Data Processed: Payment information, billing details, subscription data
  • Data Location: United States (with global processing capabilities)
  • Security & Compliance: PCI DSS Level 1, SOC 1/2, ISO 27001, GDPR compliant
  • Website: stripe.com
  • Note: Payment card data is processed directly by Stripe and never stored on our servers

4. Authentication and Identity Subprocessors

Microsoft Corporation (Azure AD)

  • Service Provided: Authentication, identity management, single sign-on
  • Data Processed: User identity data, authentication tokens, Microsoft IDs
  • Data Location: Global (varies by tenant configuration)
  • Security & Compliance: SOC 1/2/3, ISO 27001/27018, GDPR compliant
  • Website: azure.microsoft.com

5. Document and File Processing Subprocessors

Adobe Inc. (Adobe Sign)

  • Service Provided: Electronic signature services
  • Data Processed: Documents for signature, signer information, signature metadata
  • Data Location: United States
  • Security & Compliance: SOC 2 Type II, ISO 27001, ESIGN Act compliant, GDPR compliant
  • Website: acrobat.adobe.com/sign

Microsoft Corporation (SharePoint/OneDrive)

  • Service Provided: Document storage and collaboration (optional integration)
  • Data Processed: Documents, files uploaded by users to SharePoint/OneDrive
  • Data Location: Varies by customer Microsoft tenant configuration
  • Security & Compliance: SOC 1/2/3, ISO 27001/27018, GDPR compliant
  • Website: microsoft.com/microsoft-365
  • Note: Only processes data if customer enables SharePoint/OneDrive integration

Google LLC (Google Drive)

  • Service Provided: Document storage (optional integration)
  • Data Processed: Documents, files uploaded by users to Google Drive
  • Data Location: Global (varies by customer configuration)
  • Security & Compliance: SOC 2/3, ISO 27001/27017/27018, GDPR compliant
  • Website: google.com/drive
  • Note: Only processes data if customer enables Google Drive integration

Apache Tika (Self-Hosted)

  • Service Provided: Document parsing and text extraction
  • Data Processed: Document files for text extraction and metadata analysis
  • Data Location: Self-hosted on our infrastructure (same as application)
  • Security & Compliance: Inherits security measures from our hosting infrastructure
  • Website: tika.apache.org
  • Note: Open-source software, self-hosted (not a third-party service)

6. Monitoring and Analytics Subprocessors

Vercel Analytics

  • Service Provided: Web analytics, performance monitoring
  • Data Processed: Page views, performance metrics, anonymized usage data
  • Data Location: United States
  • Security & Compliance: GDPR compliant, privacy-focused analytics
  • Website: vercel.com/analytics

7. Email and Communication Subprocessors

SendGrid (Twilio Inc.)

  • Service Provided: Transactional email delivery
  • Data Processed: Email addresses, email content, delivery status
  • Data Location: United States
  • Security & Compliance: SOC 2 Type II, ISO 27001, GDPR compliant
  • Website: sendgrid.com

8. Subprocessor Changes

We will update this list when we engage new Subprocessors or remove existing ones. Customers will be notified of changes as follows:

  • New Subprocessors: 30 days' advance notice via email to account administrators
  • Material Changes: Email notification and update to this page
  • Removed Subprocessors: Update to this page without advance notice

9. Objecting to Subprocessors

If you object to a new Subprocessor on reasonable grounds relating to data protection:

  • Notify us in writing within 30 days of receiving notice
  • Provide detailed reasons for your objection
  • We will work with you to address your concerns or find an alternative solution
  • If we cannot resolve the issue, you may terminate your subscription without penalty

10. Subscribe to Updates

To receive notifications about Subprocessor changes:

All account administrators automatically receive email notifications about new Subprocessors. Ensure your contact information is up to date in your account settings.

11. Contact Information

For questions about our Subprocessors or data processing:

Data Protection Officer

LAVT Supply

Email: legal@lavtsupply.com

Subject: Subprocessor Inquiry

This Subprocessor List was last updated on December 2, 2025.