Case Studies Industries Departments Features AI Cost Savings
Quickstart Tutorial Examples Features Deepdive Search Demo API Reference Technical Write Ups
About Legal Security Pricing
Pricing Login

Vendor & Subprocessor Disclosure

Effective Date: 2/14/25

At Sturdy Statistics, we prioritize transparency and security. This document discloses the third-party vendors and subprocessors we use to provide and support our services. These vendors help us ensure data security, system reliability, and service performance while maintaining strict compliance with industry standards.

1. Core Infrastructure Providers

We rely on the following third-party providers for hosting, storage, and infrastructure management:

Amazon Web Services (AWS)

  • Services Used: Hosting, encrypted storage (S3), database infrastructure.

  • Data Locations: United States.

  • Security Measures: AES-256 encryption, TLS 1.3, multi-layer access controls.

  • Customer Data Handling: AWS provides the infrastructure but does not access or process customer data beyond standard infrastructure operations.

Cloudflare

  • Services Used: Network security, DDoS protection, API gateway, bot management.

  • Data Locations: United States and global CDN regions.

  • Security Measures: Web traffic filtering, rate limiting, threat detection.

  • Customer Data Handling: Cloudflare processes only encrypted network traffic as a security layer. Sturdy Statistics does not use Cloudflare for data storage, logging, or deep packet inspection.

2. Optional Processing (Enabled by Default)

We offer an optional enhancement powered by OpenAI for AI-based text summarization. Customers can disable this feature at any time.

OpenAI (Optional Feature)

  • Services Used: AI-based text summarization for select analytics tools.

  • Data Locations: United States.

  • Customer Data Handling: This feature processes short excerpts of customer data, which are fully encrypted in transit and at rest. OpenAI does not store, retain, or use customer data for any purpose beyond responding to API requests.

  • Customer Control: This feature is enabled by default but can be disabled by contacting support.

3. Security & Compliance

All subprocessors meet industry-recognized security and compliance standards, including:

  • SOC 2 Type II (data security & operational controls)

  • ISO 27001 (information security management)

  • CCPA compliance (California Consumer Privacy Act)

  • GDPR compliance (where applicable)

Additional security measures include:

  • Data encryption in transit (TLS 1.3) and at rest (AES-256)

  • Strict access controls and monitoring

4. Customer Control & Opt-Out Options

Customers have full control over their data and can:

  • Request full data isolation (e.g., dedicated AWS instance for enterprise customers).

  • Disable OpenAI-powered processing at any time.

  • Contact support for security inquiries at support@sturdystatistics.com.

5. Changes & Updates

We periodically review our vendors and may update this list as necessary. If a new subprocessor significantly affects how customer data is processed, we will provide advance notice.

For questions, contact us at support@sturdystatistics.com.