Lista de Subcontratantes
Última atualização: 19 de maio de 2026
Os fornecedores listados abaixo tratam dados pessoais por conta da cepaos LLC ao abrigo dos respectivos Acordos de Tratamento de Dados (DPA). A lista é parte integrante da nossa DPA e é mantida actualizada. Os clientes serão notificados com pelo menos 30 dias de antecedência sobre qualquer alteração material.
| Nome | Função | Categorias de dados | Localização | Base de transferência | Política do fornecedor |
|---|---|---|---|---|---|
| Stripe, Inc. | Payment processing (non-LATAM markets, including Portugal) | Billing contact, Tax ID, Tokenised card reference | United States (Ireland for EU customers) | SCC + EU-U.S. DPF | stripe.com |
| dLocal LLP | Payment processing (LATAM: AR, BR, CL, MX, UY) | Billing contact, Tax ID, Tokenised card reference | Uruguay | Adequacy decision | dlocal.com |
| Supabase, Inc. | Managed PostgreSQL database, authentication and object storage | Account data, Operational data inserted by the customer, Auth tokens | European Union (eu-central-2, Frankfurt) | Within EU/EEA | supabase.com |
| Resend, Inc. | Transactional email delivery | Email address, Email content metadata | United States | SCC | resend.com |
| Sentry (Functional Software, Inc.) | Application error monitoring (with PII scrubbing) | IP address, User identifier, Stack traces | United States | SCC | sentry.io |
| Cloudflare, Inc. | CDN, DNS and DDoS protection | IP address, Request metadata | Global edge network (anycast) | SCC + EU-U.S. DPF | www.cloudflare.com |
| Amazon Web Services, Inc. | Underlying infrastructure (via Supabase) and selected archival storage | Encrypted database backups | European Union (eu-central-1, Frankfurt) | Within EU/EEA | aws.amazon.com |
| Upstash, Inc. | Redis cache and rate-limiting | Session identifiers, Rate-limit counters | European Union (eu-west-1) | Within EU/EEA | upstash.com |
| Anthropic, PBC | Large Language Model API for AI-assisted features (e.g. compliance watchdog summarisation) | Public regulatory text, Aggregated, anonymised operational summaries | United States | SCC | www.anthropic.com |
| Railway Corp. | Application hosting and deployment platform | Request logs, Application runtime metadata, IP address (transient) | United States (primary) / EU regions when configured | SCC | railway.app |
| PostHog, Inc. | Product analytics and feature flag delivery | Pseudonymous user identifier, Page views and product events, IP address (truncated) | European Union (eu.i.posthog.com, Frankfurt) | Within EU/EEA | posthog.com |
| Qik Innovations Pvt Ltd (OpenSign) | Electronic signature platform for B2B contracts, NDAs and one-shot business documents (ad-hoc use) | Signer name and email, IP address and user agent at signature, Signature image / drawn signature, Timestamp and audit trail, Document content (may contain personal data depending on the signed document) | India (hosted SaaS at opensignlabs.com; EU instance at eu-app.opensignlabs.com — residency not contractually guaranteed) | SCC (pending signature) | www.opensignlabs.com |
Para questões, contactar privacy@cepaos.com