CENTRA Data Center List of Subprocessors
Last Updated: October 30, 2025
Overview
CENTRA Data Center is committed to transparency in our data processing practices. As a provider of colocation and connectivity services, we maintain the highest standards of security and compliance, including SOC 2 Type 2, ISO 27001, HIPAA, and PCI-DSS certifications.
This page lists the third-party subprocessors we engage to support our internal business operations. It is important to note that CENTRA does not process, access, or handle customer production data or workloads. Our subprocessors only process internal operational data, including:
- Customer contact information and billing records (CRM data)
- Internal business operations and support ticketing
- Financial and enterprise resource planning data
All data processing by our subprocessors occurs exclusively within the United States, across our facility locations in North Carolina, Maine, Minnesota, and Nevada.
Our Subprocessors
| Subprocessor Name | Purpose / Services Performed | Data Processing Location | Website |
|---|---|---|---|
| Microsoft Corporation (Azure) | Cloud Infrastructure – Hosting platform for business applications and services | United States | azure.microsoft.com |
| Microsoft Corporation (Dynamics 365 Business Central) | Enterprise Resource Planning (ERP) – Financial management, billing, and accounting operations | United States | dynamics.microsoft.com/business-central |
| Carma, Inc. | Customer Relationship Management (CRM), Ticketing System, Order Management, Operations Workflow | United States (Built on Microsoft Azure) | carma.net |
| SinglePoint Global | Security Operations Center (SOC), Managed IT Services, Infrastructure Support, Cybersecurity Monitoring | Ashburn, Virginia, United States | singlepointglobal.com |
Data Processing and Security
Scope of Processing
CENTRA engages the above subprocessors solely for internal business operations. These services support:
- Business Administration: CRM, ticketing, workflow management
- Financial Operations: Billing, accounting, enterprise resource planning
- Security & IT Operations: 24/7/365 SOC monitoring, managed IT services, cybersecurity
- Infrastructure Services: Cloud hosting and platform services
Data Categories
The personal data processed by our subprocessors is limited to:
- Customer Representative Information: Names, business email addresses, phone numbers, company affiliations
- Billing Information: Payment details, invoicing records, account information
- Internal Operations Data: Support tickets, service orders, operational communications
CENTRA does not access, process, or store customer production data, workloads, or application data hosted in our colocation facilities.
Geographic Restrictions
All subprocessors process data exclusively within the United States. No data is transferred outside of U.S. borders, ensuring compliance with data residency requirements and U.S. regulatory frameworks.
Compliance and Certifications
CENTRA maintains the following compliance certifications and requires our subprocessors to implement appropriate security controls:
- SOC 2 Type 2 – Annual attestation of security controls
- ISO 27001 – Information Security Management System
- HIPAA – Health Insurance Portability and Accountability Act compliance
- PCI-DSS – Payment Card Industry Data Security Standard
Our subprocessors are selected based on their ability to meet industry-standard security requirements, including:
- Implementation of appropriate technical and organizational security measures
- Regular security audits and assessments
- Encryption of data in transit and at rest
- Access controls and authentication mechanisms
- Incident response and breach notification procedures
Subprocessor Management
Selection Process
CENTRA follows a rigorous vendor selection process to ensure all subprocessors:
- Maintain appropriate security certifications and controls
- Comply with applicable data protection regulations
- Implement industry best practices for data security
- Provide contractual data protection commitments
- Process data only as directed and for specified purposes
Contractual Safeguards
All subprocessors are bound by written agreements that include:
- Data processing limitations and scope definitions
- Confidentiality obligations
- Security requirements aligned with CENTRA’s standards
- Incident notification procedures
- Right to audit and assess compliance
- Data deletion requirements upon contract termination
Monitoring and Oversight
CENTRA regularly reviews subprocessor performance and compliance, including:
- Periodic security assessments
- Review of audit reports and certifications
- Monitoring of service level agreements
- Evaluation of security incidents and responses
Changes to Subprocessors
Notification Process
CENTRA is committed to transparency regarding changes to our subprocessor list. We will:
- Update this page promptly when adding or removing subprocessors
- Provide advance notice to customers of material changes where commercially reasonable
- Maintain documentation of all subprocessor changes
Right to Object
If you have concerns about a new subprocessor, please contact us within 30 days of notification. We will work with you to address your concerns or, if necessary, discuss alternative arrangements.
Contact for Objections
Email: compliance@centradigital.com
Subject Line: “Subprocessor Objection”
Please include: Your name and company name, the name of the subprocessor, specific grounds for objection, and your CENTRA account or customer reference number.
Data Protection Agreement
CENTRA offers a comprehensive Data Processing Agreement (DPA) to our customers that governs our data processing activities and subprocessor usage. The DPA includes:
- Detailed descriptions of processing activities
- Security commitments and technical measures
- Subprocessor authorization and notification procedures
- Data subject rights facilitation
- Breach notification obligations
- Standard Contractual Clauses where applicable
To request or review our Data Processing Agreement, please contact your CENTRA account representative or email legal@centradigital.com.
Contact Information
For questions, concerns, or additional information about our subprocessors and data processing practices:
CENTRA Data Center
Compliance and Data Protection Team
Email: compliance@centradigital.com
Privacy Officer: privacy@centradigital.com
Legal Inquiries: legal@centradigital.com
Business Hours: Monday – Friday, 9:00 AM – 5:00 PM ET
Emergency Contact: Available 24/7/365 through your account representative
Additional Resources
- CENTRA Privacy Policy
- CENTRA Terms & Conditions
- CENTRA Security Overview
- Compliance Certifications
- Data Processing Agreement
Important Distinctions
CENTRA’s Role
CENTRA operates as a data center colocation and connectivity provider. Our customers maintain full ownership and control over their data and equipment hosted in our facilities.
For colocation services: CENTRA provides physical space, power, cooling, and network connectivity. Customers own and operate their servers, storage, and networking equipment. CENTRA does not access customer equipment or data. Customers are responsible for their own data processing activities
For our internal business operations: CENTRA acts as a data controller for customer contact and billing information. The subprocessors listed on this page support CENTRA’s internal business functions only. These subprocessors do not have access to customer production environments or workloads
Customer Responsibilities
As a colocation provider, our customers are responsible for:
- Implementing their own data protection measures for their hosted infrastructure
- Managing their own subprocessors and vendors for services they provide to their end users
- Ensuring compliance with applicable regulations for their data processing activities
- Maintaining their own data processing agreements with their customers
If you use CENTRA services to provide services to your own customers, you may need to disclose CENTRA as a subprocessor in your own documentation, depending on your service model and contractual obligations.
Definitions
Subprocessor: A third-party entity engaged by CENTRA that has or may have access to process personal data in connection with CENTRA’s internal business operations.
Personal Data: Any information relating to an identified or identifiable natural person, including but not limited to names, email addresses, phone numbers, and billing information.
Data Controller: The entity that determines the purposes and means of processing personal data. CENTRA acts as a data controller for internal business data.
Data Processor: An entity that processes personal data on behalf of a data controller. CENTRA’s subprocessors act as data processors for the specific purposes outlined above.
Processing: Any operation performed on personal data, including collection, storage, organization, structuring, use, disclosure, or deletion.