Subprocessors
Last updated: 01.01.2026
BoxCase Besloten Vennootschap (B.V.) ("BoxCase") uses carefully selected subprocessors to host, deliver and support the BoxCase platform. This page lists subprocessors that may process personal data on behalf of BoxCase customers.
Infrastructure providers may maintain their own compliance programmes and certifications for the services they operate. Those provider programmes support the underlying infrastructure and should not be interpreted as certifications held directly by BoxCase unless explicitly stated in customer documentation.
Governing entity: BoxCase Besloten Vennootschap (B.V.), KVK 58992545, Doldersestraat 39, 2574 TB 's-Gravenhage, Netherlands. Questions: contact.
Overview
Subprocessors are third parties engaged by BoxCase to process personal data in connection with the service, such as hosting, database, email delivery, payment processing and optional AI features configured by a customer.
BoxCase assesses subprocessors for security and data protection suitability before engagement and contractually requires appropriate safeguards.
Enterprise customers with dedicated infrastructure may have a reduced or alternate subprocessor set described in their order or security schedule.
Current subprocessors
Vercel Inc. — cloud hosting, serverless compute, content delivery and private object storage. Processing location: primarily United States and European regions as configured for the deployment.
Neon Tech Inc. — managed PostgreSQL database services for application and audit data. Processing location: region selected for the deployment.
Stripe, Inc. — payment processing and billing event handling for subscription and invoice payments. Card data is collected directly by Stripe.
Brevo (Sendinblue SAS) — transactional email delivery for notifications, invitations and operational messages configured in the platform.
Optional AI infrastructure providers — where enabled by tenant policy, BoxCase may route approved AI requests to an isolated provider under customer-configured controls. Provider identity and region are documented in the tenant security schedule when this feature is activated.
Change notification
We update this page when we add or replace subprocessors that process customer personal data.
Customers with an active data processing agreement will receive notice of material subprocessor changes through the contact details on file, allowing a reasonable period to review and raise substantiated objections.
Non-material changes, such as corporate renames, entity reorganisations or region expansions within an existing provider, may be reflected by updating this page without separate notice where permitted by the applicable agreement.
Contact
Questions about subprocessors, data residency or enterprise subprocessor restrictions should be directed via /contact.
Last reviewed together with the privacy policy and data processing agreement on 01.01.2026.