Subprocessors

Last updated: July 2, 2026

Softserve Software LLC d/b/a Car Storage Software
About This List

We use the following third-party subprocessors to deliver our Service. Each is bound by a data processing agreement imposing confidentiality and security obligations materially equivalent to our own Data Processing Agreement, and each processes personal data only to provide services to us.

We update this page before adding or replacing subprocessors. To receive change notifications, email matt@carstoragesoftware.com with the subject “Subprocessor notifications.”

Current Subprocessors
SubprocessorPurposePersonal data processedLocationTransfer safeguards
Vercel Inc.Application hosting, serverless compute, and file/object storage (uploaded photos and documents)All Service data in transit and uploaded filesUnited States (global edge network)EU–U.S. Data Privacy Framework; Standard Contractual Clauses (DPA)
Neon, Inc.Primary managed PostgreSQL database hosting with encryption at rest and automated backupsAll structured Service data (accounts, customers, vehicles, records)United StatesStandard Contractual Clauses (DPA); encryption at rest
Stripe, Inc.Payment processing, invoicing, and payouts (including Stripe Connect and Tap to Pay)Names, emails, billing addresses, payment credentials (held by Stripe; we never store card numbers)United StatesEU–U.S. Data Privacy Framework; Standard Contractual Clauses (DPA)
Twilio Inc. (including SendGrid)Transactional email, SMS notifications, and optional telephony/voice featuresNames, email addresses, phone numbers, message content, call metadata and optional recordingsUnited StatesEU–U.S. Data Privacy Framework; Standard Contractual Clauses (DPA)
OpenAI, L.L.C.AI features: vehicle photo analysis, document processing, and assistant functionalityPhotos, document contents, and text submitted to AI features (not used to train OpenAI models per our API terms)United StatesStandard Contractual Clauses (DPA); API data-usage protections
Google LLC (Maps Platform)Address autocomplete and geocodingAddresses entered into address fieldsUnited States (global)EU–U.S. Data Privacy Framework; Standard Contractual Clauses
Sendblue, Inc.(optional integration)iMessage/SMS conversational messaging, only when a facility enables the messaging agentCustomer phone numbers and message contentUnited StatesData processing terms; enabled per facility
Calendly LLC(optional integration)Appointment scheduling, only when a facility connects CalendlyBooker names, email addresses, and appointment detailsUnited StatesCalendly DPA (incorporated into its terms); enabled per facility
Salesforce, Inc. (Slack)Internal notification of marketplace inquiries to our operations teamInquirer name and contact details from marketplace lead formsUnited StatesEU–U.S. Data Privacy Framework; Slack DPA
Zernio (formerly Late, getlate.dev)(optional integration)Social media post scheduling, only when a facility enables social publishingPost content and media the facility chooses to publishEuropean UnionEU-based provider subject to GDPR; enabled per facility
Vehicle data providers (auto.dev; RapidAPI/CarAPI; CarJam NZ; UK DVLA)(optional integration)VIN decoding, vehicle specifications, and license plate lookups where configuredVINs and license plate numbers submitted for lookup (no names or contact details)United States / New Zealand / United KingdomProvider API terms; only vehicle identifiers are transmitted
Intuit Inc. (QuickBooks Online)(optional integration)Accounting synchronization, only when a facility connects QuickBooksCustomer names, invoices, payment records synced to the facility's own QuickBooks accountUnited StatesEnabled and authorized by the facility; Intuit DPA applies
Xero Limited(optional integration)Accounting synchronization, only when a facility connects XeroCustomer names, invoices, payment records synced to the facility's own Xero accountNew Zealand / United StatesEnabled and authorized by the facility; Xero DPA applies
Security Measures

Key technical and organizational measures we apply across the Service:

  • TLS encryption for all data in transit; encryption at rest for databases, file storage, and backups
  • Tenant isolation with role-based, least-privilege access controls
  • Multi-factor authentication required for platform administrator access
  • Security audit logging of authentication and privacy-relevant events
  • Automated backups with defined retention and disposal schedules
  • Documented incident response with 72-hour customer breach notification

Detailed policies: Information Security, Access Controls, Data Retention and Disposal.

Contact

Softserve Software LLC

d/b/a Car Storage Software (carstoragesoftware.com)

Email: matt@carstoragesoftware.com

Address: 3343 Port Royale Dr S, Fort Lauderdale, FL 33308