CENTRA Data Center List of Subprocessors

Last Updated: November 18, 2025

Overview

CENTRA Data Center is committed to transparency in our data processing practices. As a provider of colocation and connectivity services, we maintain the highest standards of security and compliance, including SOC 2 Type 2, ISO 27001, HIPAA, and PCI-DSS certifications.

This page lists the third-party subprocessors we engage to support our internal business operations. It is important to note that CENTRA does not collect, process, access, use, store, maintain or handle customer production data/workloads or application data hosted in our colocation facilities. Our subprocessors only process internal operational data, including:

      • Customer contact information and billing records (CRM data)

      • Internal business operations and support ticketing

      • Financial and enterprise resource planning data

    All data processing by our subprocessors occurs exclusively within the United States, across our facility locations in North Carolina, Maine, Minnesota, and Nevada.

    Our Subprocessors

    Subprocessor Name Purpose / Services Performed Data Processing Location Website
    Microsoft Corporation (Azure) Cloud Infrastructure – Hosting platform for business applications and services United States azure.microsoft.com
    Microsoft Corporation (Dynamics 365 Business Central) Enterprise Resource Planning (ERP) – Financial management, billing, and accounting operations United States dynamics.microsoft.com/business-central
    Carma, Inc. Customer Relationship Management (CRM), Ticketing System, Order Management, Operations Workflow United States (Built on Microsoft Azure) carma.net
    SinglePoint Global Security Operations Center (SOC), Managed IT Services, Infrastructure Support, Cybersecurity Monitoring Ashburn, Virginia, United States singlepointglobal.com

    Data Processing and Security

    Scope of Processing

    CENTRA engages the above subprocessors solely for internal business operations. These services support:

        • Business Administration: CRM, ticketing, workflow management

        • Financial Operations: Billing, accounting, enterprise resource planning

        • Security & IT Operations: 24/7/365 SOC monitoring, managed IT services, cybersecurity of CENTRA-controlled systems

        • Infrastructure Services: Cloud hosting and platform services

      Data Categories

      The personal data processed by our subprocessors is limited to:

          • Customer Representative Information: Names, business email addresses, phone numbers, company affiliations

          • Billing Information: Payment details, invoicing records, account information

          • Internal Operations Data: Support tickets, service orders, operational communications

        CENTRA does not collect, process, access, use, store, maintain or handle customer production data, workloads, or application data hosted in our colocation facilities.

        Geographic Restrictions

        All subprocessors process data exclusively within the United States. No data is transferred outside of U.S. borders, ensuring compliance with data residency requirements and U.S. regulatory frameworks.

        Compliance and Certifications

        CENTRA is in the process of obtaining the following compliance certifications and requires our subprocessors to implement appropriate security controls:

            • SOC 2 Type 2 – Annual attestation of security controls

            • ISO 27001 – Information Security Management System

            • HIPAA – Health Insurance Portability and Accountability Act compliance

            • PCI-DSS – Payment Card Industry Data Security Standard

          Our subprocessors are selected based on their ability to meet industry-standard security requirements, including:

              • Implementation of appropriate technical and organizational security measures.

              • Regular security audits and assessments.

              • Encryption of data in transit and at rest.

              • Access controls and authentication mechanisms.

              • Incident response and breach notification procedures.

            Subprocessor Management

            Selection Process

            CENTRA follows a rigorous vendor selection process to ensure all subprocessors:

                • Maintain appropriate security certifications and controls.

                • Comply with applicable data protection regulations.

                • Implement industry best practices for data security.

                • Provide contractual data protection commitments.

                • Process data only as directed and for specified purposes.

              Contractual Safeguards

              All subprocessor agreements include the following:

                  • Data processing limitations and scope definitions.

                  • Confidentiality obligations.

                  • Security requirements that align with CENTRA’s standards.

                  • Incident notification procedures.

                  • Access to audit reports and compliance certifications.

                  • Data deletion requirements upon contract termination.

                Monitoring and Oversight

                CENTRA will review subprocessor performance and compliance regularly, and in no event less than once annually, through the following means:

                    • Periodic security assessments.

                    • Review of audit reports and certifications.

                    • Monitoring of service level agreements.

                    • Evaluation of security incidents and responses.

                  Changes to Subprocessors

                  Notification Process

                  CENTRA is committed to transparency regarding changes to our subprocessor list. We will:

                      1. Update this page promptly when adding or removing subprocessors.

                      1. Provide advance notice to customers of material changes where commercially reasonable.

                      1. Maintain documentation of all subprocessor changes.

                    Right to Object

                    If you have concerns about a new subprocessor, please contact us within 30 days of notification. We will work with you to address your concerns or, if necessary, discuss alternative arrangements.

                    Contact for Objections
                    Email: compliance@centradigital.com
                    Subject Line: “Subprocessor Objection”

                    Please include: Your name and company name, the name of the subprocessor, specific grounds for objection, and your CENTRA account or customer reference number.

                    Contact Information

                    For questions, concerns, or additional information about our subprocessors and data processing practices:

                    CENTRA Data Center
                    Compliance and Data Protection Team

                    Email: compliance@centradigital.com
                    Privacy Officer: privacy@centradigital.com
                    Legal Inquiries: legal@centradigital.com

                    Business Hours: Monday – Friday, 9:00 AM – 5:00 PM ET
                    Emergency Contact: Available 24/7/365 through your account representative

                    Additional Resources

                      Important Distinctions

                      CENTRA’s Role

                      CENTRA operates as a data center colocation and connectivity provider. Our customers maintain full ownership and control over their data and equipment hosted in our facilities.

                      For colocation services: CENTRA provides physical space, power, cooling, and network connectivity. Customers own, control and operate their servers, storage, and networking equipment. CENTRA does not access customer equipment and CENTRA does not collect, process, access, use, store, maintain or handle customer production data workloads or application data hosted in our colocation facilities. Customers are responsible for their own data processing activities and logical security measures.

                      For our internal business operations: CENTRA acts as a data controller for customer contact and billing information. The subprocessors listed on this page support CENTRA’s internal business functions only. These subprocessors do not have access to customer production environments or workloads.

                      Customer Responsibilities

                      Our customers are responsible for:

                          • Implementing their own data protection measures for their hosted infrastructure.

                          • Managing their own subprocessors and vendors for services they provide to their end users.

                          • Ensuring compliance with applicable regulations for their data processing activities.

                          • Maintaining their own data processing agreements with their customers.

                        Definitions

                        Subprocessor: A third-party entity engaged by CENTRA that has or may have access to process Personal Data in connection with CENTRA’s internal business operations.  CENTRA does not act as a Subprocessor for its data center customers.

                        Personal Data: Any information relating to an identified or identifiable natural person, including but not limited to names, email addresses, phone numbers, and billing information.

                        Data Controller: The entity that determines the purposes and means of processing personal data. CENTRA acts as a Data Controller for internal business data.  CENTRA does not act as a Data Controller for its data center customers.

                        Data Processor: An entity that processes Personal Data on behalf of a Data Controller. CENTRA’s Subprocessors act as Data Processors for the specific internal business purposes outlined above.

                        Processing: Any operation performed on personal data, including collection, storage, organization, structuring, use, disclosure, or deletion.