Third-Party Sub-processors

Database, authentication, and storage for app.normos.io. Hosts all customer data including Forensic Findings, scan runs, audit logs, and encrypted OAuth tokens.

Platform hosting and global edge network for both normos.io (landing page) and app.normos.io (dashboard). Handles all HTTP requests, server-side rendering, and API routes.

DNS, CDN, WAF, DDoS protection, and bot management for normos.io and app.normos.io. All traffic passes through Cloudflare before reaching Vercel.

Transactional email delivery for platform notifications including invitations, password resets, MFA enrolment, and pilot application confirmations.

OAuth provider for read-only integration with customer GitHub organisations. No data is stored from GitHub beyond the OAuth access token, which is encrypted at rest.

Bot and abuse protection on authentication forms (login and password reset). Processes IP addresses and browser fingerprints to distinguish humans from bots.

Email infrastructure via Amazon SES, used by Resend for email delivery. Also the underlying infrastructure for Supabase EU Ireland deployment.

Customer relationship management (CRM). Processes contact names, email addresses, and company names of Normos prospects and customers for sales and account management purposes.

Electronic document signing for Pilot Agreements, NDAs, and other legal documents. Processes names, email addresses, and signed document content of signatories.

Meeting scheduling for product demos and pilot feedback calls. Processes names, email addresses, and meeting metadata of prospects and customers who book calls.