Imperial Eminence Cyberguard Corporation · The Ivory Index
Subprocessor Register
Tier IV — Enterprise Governance · Ref: IECC-T4-002 · Version 1.0 · Effective 14 June 2026
This Subprocessor Register identifies the third-party service providers and tools that IECC engages in connection with The Ivory Index Software and associated services where those providers may process or access Customer data. This Register is maintained in accordance with IECC's obligations under applicable data protection law and the Data Processing Agreement (IECC-T3-004).
| Provider | Purpose | Data Accessed | Location | Basis |
|---|---|---|---|---|
| Ollama | Local AI model runtime and distribution | None (local execution only; model weights downloaded to User device) | United States | Software dependency; no personal data transmitted |
| Electron / Node.js | Desktop application runtime framework | None (local runtime; no data transmission) | N/A (open-source) | Software dependency; no personal data transmitted |
| Google Fonts | Web typography delivery (website only) | IP address (logged by Google on font request) | United States (global CDN) | Legitimate interests; disclosed in Cookie Policy |
| Email / Support Provider (TBD) | Support ticket and correspondence handling | Name, email address, support communication content | To be confirmed at deployment | Contract performance; DPA in place with provider |
| Cloud Infrastructure Provider (TBD) | Hosting for web-based services (if/when deployed) | Web server logs, session data | To be confirmed at deployment | Contract performance; DPA in place with provider |
| Analytics Provider (if enabled) | Aggregate usage analytics (website) | Anonymised usage data, IP address | To be confirmed if/when enabled | Consent (where required); disclosed in Cookie Policy |
IECC will provide at least 30 days' advance written notice to Customers before engaging a new subprocessor that will have access to Customer personal data actually processed by IECC (i.e., not locally-resident data). Notice will be provided via email to the Customer's registered contact or via update to this Register on the IECC website.
Customers who object to a new subprocessor on reasonable data protection grounds may notify IECC within 14 days of the notice. IECC will use reasonable efforts to accommodate the objection; where accommodation is not reasonably practicable, Customer may terminate the relevant service with a pro-rata refund of prepaid fees.
All subprocessors engaged by IECC to process Customer personal data are required to: (i) implement technical and organisational security measures equivalent to or exceeding those in the Security Addendum (IECC-T4-001); (ii) process data only on IECC's documented instructions; and (iii) assist IECC in meeting its obligations under applicable data protection law.
This Register is reviewed and updated quarterly and upon any material change to IECC's subprocessor relationships. The current version is effective as of the date shown in the document header.
