Trust
Subprocessors
The third-party providers Elevate Compliance uses to deliver the service. Customers should review this list as part of pilot or subscription diligence.
This list is a working reference draft. External legal, privacy, and security review has been deferred by Elevate while the platform is in founding pilot. Provider entries marked TBD will be finalized before broader customer publication. Notify Elevate if your organization requires guaranteed regional processing before uploading sensitive documents.
| Provider | Purpose | Data categories | Region / status |
|---|---|---|---|
| Supabase | Database, authentication, and private document storage | Account, organization, property, equipment, vendor, inspection, certificate, GHG/energy, and usage/log data | Project region configured per Supabase plan; verify with Elevate before uploading sensitive documents |
| Vercel | Application hosting, deployment, and edge delivery | Application traffic, request metadata, deployed assets, and usage/log data | Deployment region configured per Vercel plan; processing may occur at Vercel edge locations |
| Stripe | Billing and payment processing | Billing contact data, customer/payment metadata, invoices, subscription status, partial payment method details | Stripe processes payment data under its own privacy and data handling terms |
| OpenAI | AI-assisted document date and field extraction (suggestions only; human review required) | Uploaded document content, document images or extracted text, and limited document type metadata submitted for extraction | Processed by OpenAI under its API and privacy terms; not used for advertising or model training |
| Email provider | Transactional email and service communications | Email addresses, names, organization names, transactional email content, delivery metadata | Provider TBD; specific provider will be confirmed before customer publication |
| GitHub | Source code hosting and operational tooling | Source code, issues, pull requests, operational notes; not intended for customer document storage | Customer documents are not stored in GitHub |
| Google Workspace | Business email, calendar, documents, support communications, and internal operations | Business emails, support communications, attachments sent by customers, meeting notes, operational documents | Used for internal operations; customer documents are not stored here outside of explicitly authorized exchanges |
Notes
- Elevate does not currently make a Canadian data residency claim.
- Elevate does not currently make a SOC 2 claim.
- Customer documents are not manually moved into unapproved tools, personal accounts, unmanaged folders, or unsupported communication channels.
- AI provider use is disclosed in the Privacy Policy before customer documents are processed.
- If a provider is removed, replaced, or added, this page and the related Data Handling & Security page will be updated before customer-facing use.
Questions about subprocessors may be sent to:
Elevate Facility Services Ltd
250-997 Seymour Street
Vancouver, British Columbia V6B 3M1
info@elevatefacilityservices.ca