Legal / Subprocessors
Subprocessors
Last updated: June 10, 2026
This page lists the third-party subprocessors that True Mark Consulting, LLC DBA ArcasyaAI (“Arcasya”) engages to process personal data on behalf of its clients in connection with the Arcasya platform and services. This list is maintained pursuant to Arcasya’s Data Processing Agreement (DPA) and Privacy Policy.
Arcasya will provide at least 30 days advance notice of any material additions or replacements to this subprocessor list. Clients who have executed a DPA with Arcasya may object to new subprocessors per the terms of that agreement. Subscribe to subprocessor update notices by emailing info@arcasya.ai with subject: “Subprocessor Updates — Subscribe.”
1. Infrastructure and Hosting Subprocessors
| Subprocessor | Parent Entity | Purpose | Data Location | Security Cert |
|---|---|---|---|---|
| Supabase | Supabase Inc. | Database, authentication, file storage, row-level security | USA / EU (selectable) | SOC 2 Type II |
| Vercel | Vercel Inc. | Hosting, edge delivery, serverless functions | Global (AWS) | SOC 2 Type II |
2. AI Model Providers
When clients submit inputs or prompts to Arcasya’s AI-powered features, those inputs are transmitted to one or more of the following providers to generate AI outputs. Each provider processes data under their own API terms and data handling policies, referenced below.
| Subprocessor | Parent Entity | Purpose | Policy Reference | Data Location |
|---|---|---|---|---|
| Anthropic API (Claude) | Anthropic PBC | Primary AI model inference for agent reasoning and content generation | privacy.anthropic.com | USA |
| xAI API | X.AI Corp. | Voice model inference for voice sessions | x.ai/privacy | USA |
3. Integration and Scheduling Subprocessors
| Subprocessor | Parent Entity | Purpose | Data Location | Security Cert |
|---|---|---|---|---|
| Google LLC | Workspace integration APIs (Gmail, Calendar, Drive) connected by clients | USA / Global | ISO 27001, SOC 2 | |
| Calendly | Calendly LLC | Embedded meeting scheduling for discovery calls | USA | SOC 2 Type II |
4. Payment Processing Subprocessors
| Subprocessor | Parent Entity | Purpose | Data Location | Security Cert |
|---|---|---|---|---|
| Stripe (at GA) | Stripe Inc. | Payment processing, subscription billing, invoicing | USA / Global | PCI DSS Level 1, SOC 2 |
5. Data Categories Processed
The following categories of personal data may be processed by Arcasya subprocessors in connection with the Services:
| Data Category | Examples | Subprocessors with Access |
|---|---|---|
| Identity and contact data | Name, email address, phone number, job title, company | Supabase, Calendly |
| Account credentials | Hashed passwords, auth tokens, session identifiers | Supabase |
| Usage and behavioral data | Page views, feature interactions, session duration, click paths | Supabase |
| AI prompt inputs | Text inputs submitted to AI agent features and workflows | Anthropic |
| Voice session data | Audio inputs and outputs for voice sessions | xAI |
| AI-generated outputs | Content, decisions, or data generated by AI models | Supabase |
| Workspace integration data | Email, calendar, and document data from connected Google Workspace accounts | Google, Supabase |
| Client business data | CRM records, lead data, workflow configurations (client-controlled) | Supabase |
| Payment information | Billing name, address, last 4 digits (full card data not stored by Arcasya) | Stripe (at GA) |
| Scheduling data | Meeting times, calendar availability, names, emails | Calendly |
| Technical and device data | IP address, browser type, OS, error logs | Supabase, Vercel |
6. Special Categories of Data
Arcasya does not intentionally process special categories of personal data (health, biometric, racial or ethnic origin, religious beliefs, sexual orientation, or criminal record data) through its standard platform. If your use case involves such data, contact us before proceeding to ensure appropriate safeguards are in place, including a signed DPA and, where applicable, a HIPAA Business Associate Agreement (BAA).
7. Subprocessor Change Notification
Arcasya maintains this subprocessor list and updates it whenever a material change occurs. Our process:
- New or replacement subprocessors are added with at least 30 days advance notice to clients who have executed a DPA.
- Notice is provided via email to the primary contact on file and via an updated version of this document.
- Clients may object to new subprocessors per the terms of the DPA within 14 days of notice.
- Subprocessors marked “at GA” above will be formally activated when the corresponding feature reaches general availability.
To subscribe to subprocessor change notifications, email info@arcasya.ai with subject line: “Subprocessor Updates — Subscribe”
8. Subprocessor Oversight
Arcasya maintains contractual relationships with each subprocessor that include:
- Data processing obligations no less protective than those in Arcasya’s DPA.
- Requirements to implement appropriate technical and organizational security measures.
- Restrictions on sub-processing without prior written approval.
- Data deletion or return requirements upon termination.
- Cooperation with audits and regulatory requests.
9. Contact
For questions about this subprocessor list, to request a DPA, or to exercise your rights as a data subject:
True Mark Consulting, LLC DBA ArcasyaAI
23200 Deming Road, Cicero, Indiana 46034, United States
Email: info@arcasya.ai
Subject: “Subprocessor Inquiry — [Topic]”