Sub-processors
Breeze relies on a small number of carefully selected sub-processors to deliver hosting, transactional email, and operational monitoring. This page lists every sub-processor that may process customer data on Sotera's behalf.
Always-on sub-processors
These sub-processors may process data on behalf of every Breeze tenant.
| Sub-processor | Operated by | Purpose | Processing region | Categories of data |
|---|---|---|---|---|
| Microsoft Azure | Microsoft Corporation | Application hosting (App Service), object storage (Blob), managed cache (Redis) | Norway East | All operational customer data |
| MongoDB Atlas | MongoDB Inc. | Primary operational database (cluster on Azure) | Azure Norway East | Tenant data, credentials, users, audit events |
| Vercel | Vercel Inc. | Frontend (static React/Next.js) hosting and CDN delivery | Global edge / configurable region | No customer data is stored on Vercel. Static assets only. |
| Sentry | Functional Software, Inc. (sentry.io) | Application error monitoring and stack-trace aggregation | EU instance | Error context (with email addresses and similar PII redacted) |
| Brevo (Sendinblue) | Sendinblue SAS | Transactional email delivery (account activation, password reset, MFA codes) | EU | Recipient email address, message subject and body |
| Cloudinary | Cloudinary Ltd. | Hosting and CDN delivery of domain and product logos uploaded by administrators | United States (global CDN edge) | Branding assets only (logo images). No personal data. Migration to an EU/EEA-resident provider is on the compliance roadmap. |
Conditional sub-processors
These sub-processors only process data when a tenant has explicitly enabled the corresponding Breeze feature or integration. A tenant that does not use the feature has no data flow to the sub-processor.
| Sub-processor | Operated by | Used when… | Operated region | Categories of data |
|---|---|---|---|---|
| Signicat | Signicat AS (Trondheim, Norway) | A tenant enables eID-based login or a credential template is configured for population-register lookup. See notes below. | EU/EEA | See notes below. |
| Remove.bg | Kaleido AI GmbH (Vienna, Austria) | A credential template has automatic photo background removal enabled. | EU | The credential photo is transmitted to remove.bg for background removal; the processed image is returned and stored in Breeze. See remove.bg privacy policy. |
| STID Mobile ID | STID SAS (France) | A tenant has issued mobile credentials onto the STID Mobile ID platform. | EU (France) | The credential subject's photo and identifying details (name, email used as vCard identifier) are sent to STID to provision the mobile credential and to revoke it on lifecycle events. |
| Axia | Axia Logistics AS (Norway) | A tenant has the Axia freight feature enabled for physical-credential shipping (see axia.no). | Norway | Recipient name, postal address, and consignment metadata required to create and track the shipment. No identity-document data. |
Note on eID authentication (Flow 1). When eID login is enabled, Sotera contracts with Signicat as a broker. Signicat in turn relays the authentication request to the underlying national eID scheme (BankID Norway, Swedish BankID, MitID, etc.). Sotera does not have a direct contractual relationship with the underlying eID schemes; that relationship is between Signicat and the scheme operator.
Breeze does not request the national identity number (
nin) scope from the OIDC flow today, and does not persist aninfrom authentication. If a future integration ever requires theninscope on a legal basis that permits it, Breeze would still not persist theninfrom this flow. Only the identifiers Signicat returns —idp_id(the IdP's stable identifier for the user) andnbid_subject_uuid(the BankID subject UUID, where applicable) — are stored on the Breeze user record so subsequent eID logins can be linked to the correct account.
Note on data-verification lookups (Flow 2). This flow is initiated by a tenant operator while ordering a credential, against a credential template that the tenant administrator has explicitly configured for external data lookup. What is retained from the lookup is determined by the template's field mapping. Tenants are expected to mark any field they store that contains sensitive personal data (
nin, identity numbers, etc.) as a sensitive data field in the template, which causes Breeze to apply application-layer encryption, masked display, and audit-log redaction to that field automatically. See Data protection › Sensitive data fields and External Data Lookup for the operator-facing description.
How sub-processors are evaluated
Sotera evaluates each sub-processor against the following criteria before approving it for production use:
- Data residency — Does the sub-processor offer EU/EEA-resident processing, ideally Norway?
- Security posture — Does the sub-processor hold relevant certifications (ISO 27001, SOC 2)?
- Data Processing Agreement — Is a GDPR-compliant DPA in place between Sotera and the sub-processor?
- Necessity — Is the sub-processor essential for delivering the Breeze service, with no in-region alternative?
Notification of changes
Sotera notifies customers and partners of material changes to this sub-processor list (additions, removals, or changes in processing region) via the Trust Center. The Data Processing Agreement governs the timing of such notifications and any associated objection rights.