Skip to content

Subprocessors

Last updated: February 18, 2026

This page lists third-party subprocessors that Cybexo may use to process customer data in connection with the Cybexo CMP service.

A subprocessor is any third party engaged by Cybexo to process customer data on its behalf.

Vendor Service Purpose Data Scope Region Status
Cloudflare, Inc. Infrastructure and content delivery services Consent metadata and operational logs Global Active
Google Cloud Platform (Google LLC) Legacy infrastructure and storage services Historical logs and backup data United States Active (legacy components)
Stripe, Inc. Payment processing and subscription management Customer billing information and account email (no consent metadata) Global Active
Mailgun Technologies, Inc. Transactional email delivery Customer account email address (account-related communications only) United States Active

Cybexo subprocessors process only the minimum data necessary to deliver and support the service, including:

  • consent tokens or identifiers
  • consent status by category or purpose
  • consent timestamps
  • framework flags (for example TCF, GPP, Google Consent Mode)
  • API request and operational logs
  • customer billing information (Stripe only)
  • customer account email addresses (Mailgun only)

Cybexo does not sell or use subprocessors to exploit consent data for marketing purposes.

  • Cloudflare, Inc. is used for infrastructure and content delivery services supporting CMP operations.
  • Google Cloud Platform (Google LLC) is retained for legacy infrastructure and storage services associated with historical operational data.
  • Cybexo continues to simplify legacy dependencies where feasible to reduce third-party exposure.
  • Cybexo will notify customers of material subprocessor additions or replacements in accordance with contractual obligations.
  • This page is updated when subprocessors are added, removed, or materially changed.
  • Effective dates of changes are reflected in the Changelog where applicable.
  • Customers may raise objections as defined in the Data Processing Addendum.

Cybexo requires subprocessors to:

  • implement appropriate technical and organizational security measures
  • process data only pursuant to contractual obligations
  • maintain confidentiality and data protection commitments consistent with applicable law

For questions regarding subprocessors or data processing arrangements: