Com-Sec Subprocessor List

Last updated: April 15, 2025

Com-Sec LLC (“Com-Sec”) uses a limited number of trusted third-party service providers (“subprocessors”) to support the delivery of our services. These subprocessors may have access to customer data only as needed to perform their services and are contractually bound by strict confidentiality and security obligations.

We operate primarily within our customers’ infrastructure. Any tools we use are for internal operations, compliance automation, security testing, or training support.

Active Subprocessors

Subprocessor

Google Workspace

Email, calendar, document storage

United States

Business communications and internal docs

Slack

Internal team communication

United States

Internal messages

Microsoft Teams

Client and internal communication

United States

Meeting coordination and communication

Drata

Compliance automation platform (client-facing)

United States

Metadata, policy evidence (customer controlled)

Socurely

Compliance automation platform (client-facing)

United States

Metadata, policy evidence (customer controlled)

Vanta

Compliance automation (used for some clients)

United States

Metadata, policy evidence (customer controlled)

Jira (Atlassian)

Project tracking and issue management

United States

Internal ticketing and project documentation

ClickUp / Notion

Project/task management

United States

Internal and client project documentation

FreshBooks

Invoicing and financial operations

United States

Billing and payment information

GoPhish

Phishing simulation and awareness training

United States

Email addresses, metadata for training users

NewZenler

Training content delivery and learning management

United States

Email addresses, names, course progress

SecurityMetrics

Vulnerability scanning and security testing

United States

IP addresses, scan metadata (limited to customer scope )

Squarespace

Website hosting

United States

Public-facing website content only

Stores shared credentials for third-party applications.

AWS (Secrets Manager)

Credential Manager

United States

Clockify

Purpose

Time tracking tool

Location

United States

Data Access Scope

Tool to log work hours, manage timesheets, and track productivity.

Data Handling Note

Com-Sec does not store or process customer production data. All services are performed within the client’s infrastructure or systems. Subprocessor access is limited to metadata, documentation, or scoped information necessary to fulfill specific functions (e.g., training, compliance automation, or vulnerability scanning).

Subprocessor Notifications

We will provide at least 30 days’ notice before authorizing any new subprocessor with access to customer data. If you have any questions or concerns, please contact us at privacy@com-sec.io.