Legal
Subprocessor List
Last updated: 24 April 2026
Noctara Red
Last updated: 24 April 2026
Noctara Security Ltd uses the third-party subprocessors listed below to operate the Noctara Red platform. All subprocessors are bound by data processing obligations no less protective than those set out in our Data Processing Agreement.
We will provide not less than 30 days' prior written notice of any addition or material change to this list by updating this page and notifying affected customers.
Infrastructure, Hosting, and Core Platform
| Subprocessor | Service provided | Data categories | Hosting region | Transfer mechanism |
|---|---|---|---|---|
| Supabase, Inc. | Authentication, database, storage, and backend platform infrastructure | Account data, Customer Data, uploaded files, session metadata, and operational records | Configured project region | UK adequacy / SCCs where applicable |
| Vercel Inc. | Application hosting, deployment infrastructure, and delivery network | Platform traffic, deployment metadata, limited operational logs, and rendered application content | Configured deployment region with global edge delivery where applicable | UK-US Data Bridge / SCCs where applicable |
AI Inference
| Subprocessor | Service provided | Data categories | Hosting region | Transfer mechanism |
|---|---|---|---|---|
| OpenAI, LLC | AI inference for report generation, vulnerability enrichment, and narrative outputs | Customer Data submitted for AI processing, including scan outputs, findings, and report content | United States | IDTA / SCCs where applicable |
Payments
| Subprocessor | Service provided | Data categories | Hosting region | Transfer mechanism |
|---|---|---|---|---|
| Stripe, Inc. | Subscription billing, checkout, payment processing, invoicing, and customer billing portal | Billing contact data, subscription records, payment metadata, invoice history, and customer billing identifiers | Stripe service regions as configured by Stripe | UK adequacy / SCCs where applicable |
Notes on AI Processing
The Noctara Red platform uses OpenAI as its AI inference provider for report generation and vulnerability enrichment features. Personal data contained within Customer Data may be submitted to OpenAI's API as part of this processing.
Data submitted via the OpenAI API is processed under contractual restrictions and is not used to train OpenAI's models.
Change Log
| Date | Change |
|---|---|
| 24 April 2026 | Initial subprocessor list published and updated to reflect Supabase, Vercel, OpenAI, and Stripe. |
Contact
For questions about our subprocessors or data transfer mechanisms, contact info@noctara.tech.