top of page

CENTRA Data Center List of Subprocessors

Last updated November 18, 2025

Overview

CENTRA Data Center is committed to transparency in our data processing practices. As a provider of colocation and connectivity services, we maintain the highest standards of security and compliance, including SOC 2 Type 2, ISO 27001, HIPAA, and PCI-DSS certifications.
 

This page lists the third-party subprocessors we engage to support our internal business operations. It is important to note that CENTRA does not collect, process, access, use, store, maintain or handle customer production data/workloads or application data hosted in our colocation facilities. Our subprocessors only process internal operational data, including:
 

    Customer contact information and billing records (CRM data)
  • Internal business operations and support ticketing​​

  • Financial and enterprise resource planning data
     

All data processing by our subprocessors occurs exclusively within the United States, across our facility locations in North Carolina, Maine, Minnesota, and Nevada.

Our Subprocessors

Subprocessor Name
Purpose / Services Performed
Data Processing Location
Website
SinglePoint Global
Security Operations Center (SOC), Managed IT Services, Infrastructure Support, Cybersecurity Monitoring
Ashburn, Virginia, United States
https://www.singlepointglobal.com/
Carma, Inc.
Customer Relationship Management (CRM), Ticketing System, Order Management, Operations Workflow
United States (Built on Microsoft Azure)
https://carma.net/
Microsoft Corporation (Dynamics 365 Business Central)
Enterprise Resource Planning (ERP) – Financial management, billing, and accounting operations
United States
https://www.microsoft.com/en-us/dynamics-365/
Microsoft Corporation (Azure)
Cloud Infrastructure – Hosting platform for business applications and services
United States
http://www.azure.microsoft.com

Data Processing and Security

Scope of Processing
 
CENTRA engages the above subprocessors solely for internal business operations. These services support:
 

  • Business Administration: CRM, ticketing, workflow management

  • Financial Operations: Billing, accounting, enterprise resource planning

  • Security & IT Operations: 24/7/365 SOC monitoring, managed IT services, cybersecurity of CENTRA-controlled systems

  • ​Infrastructure Services: Cloud hosting and platform services

 
Data Categories
 
The personal data processed by our subprocessors is limited to:
 

    Customer Representative Information: Names, business email addresses, phone numbers, company affiliations​

  • Billing Information: Payment details, invoicing records, account information​

  • Internal Operations Data: Support tickets, service orders, operational communications 

 
CENTRA does not collect, process, access, use, store, maintain or handle customer production data, workloads, or application data hosted in our colocation facilities.
 
Geographic Restrictions
 
All subprocessors process data exclusively within the United States. No data is transferred outside of U.S. borders, ensuring compliance with data residency requirements and U.S. regulatory frameworks.

Compliance and Certifications

CENTRA is in the process of obtaining the following compliance certifications and requires our subprocessors to implement appropriate security controls:

 

    SOC 2 Type 2 – Annual attestation of security controls​

  • ISO 27001 – Information Security Management System​

  • HIPAA – Health Insurance Portability and Accountability Act compliance​

  • PCI-DSS – Payment Card Industry Data Security Standard

Our subprocessors are selected based on their ability to meet industry-standard security requirements, including:

 

    Implementation of appropriate technical and organizational security measures.​

  • Regular security audits and assessments.​

  • Encryption of data in transit and at rest.​

  • Access controls and authentication mechanisms.​

  • Incident response and breach notification procedures.

Subprocessor Management

Selection Process
 
CENTRA follows a rigorous vendor selection process to ensure all subprocessors:
 

    Maintain appropriate security certifications and controls.​

  • Comply with applicable data protection regulations.​

  • Implement industry best practices for data security.

  • Provide contractual data protection commitments.​

  • Process data only as directed and for specified purposes.

 
Contractual Safeguards
 
All subprocessor agreements include the following:
 

    Data processing limitations and scope definitions.
  • Confidentiality obligations.

  • Security requirements that align with CENTRA’s standards.

  • Incident notification procedures.

  • Access to audit reports and compliance certifications.
  • Data deletion requirements upon contract termination.

 
Monitoring and Oversight
 
CENTRA will review subprocessor performance and compliance regularly, and in no event less than once annually, through the following means:
 

    Periodic security assessments.
  • Review of audit reports and certifications.
  • Monitoring of service level agreements.
  • Evaluation of security incidents and responses.

Changes to Subprocessors

Notification Process

 

CENTRA is committed to transparency regarding changes to our subprocessor list. We will:

 

  • Update this page promptly when adding or removing subprocessors.

  • Provide advance notice to customers of material changes where commercially reasonable.

  • Maintain documentation of all subprocessor changes.

Right to Object

 

If you have concerns about a new subprocessor, please contact us within 30 days of notification. We will work with you to address your concerns or, if necessary, discuss alternative arrangements.

 

Contact for Objections
Email: compliance@centradigital.com
Subject Line: “Subprocessor Objection”

 

Please include: Your name and company name, the name of the subprocessor, specific grounds for objection, and your CENTRA account or customer reference number.

Contact Information

For questions, concerns, or additional information about our subprocessors and data processing practices:
 

CENTRA Data Center
Compliance and Data Protection Team
 

Email: compliance@centradigital.com
Privacy Officer: privacy@centradigital.com
Legal Inquiries: legal@centradigital.com
 

Business Hours: Monday – Friday, 9:00 AM – 5:00 PM ET
Emergency Contact: Available 24/7/365 through your account representative

Additional Resources

CENTRA Privacy Policy

Important Distinctions

CENTRA’s Role

 

CENTRA operates as a data center colocation and connectivity provider. Our customers maintain full ownership and control over their data and equipment hosted in our facilities.

 

For colocation services: CENTRA provides physical space, power, cooling, and network connectivity. Customers own, control and operate their servers, storage, and networking equipment. CENTRA does not access customer equipment and CENTRA does not collect, process, access, use, store, maintain or handle customer production data workloads or application data hosted in our colocation facilities. Customers are responsible for their own data processing activities and logical security measures.

 

For our internal business operations: CENTRA acts as a data controller for customer contact and billing information. The subprocessors listed on this page support CENTRA’s internal business functions only. These subprocessors do not have access to customer production environments or workloads.

 

Customer Responsibilities

 

Our customers are responsible for:

 

  • Implementing their own data protection measures for their hosted infrastructure.

  • Managing their own subprocessors and vendors for services they provide to their end users.

  • Ensuring compliance with applicable regulations for their data processing activities.

  • Maintaining their own data processing agreements with their customers.

Definitions

CENTRA’s Role

 

Subprocessor: A third-party entity engaged by CENTRA that has or may have access to process Personal Data in connection with CENTRA’s internal business operations.  CENTRA does not act as a Subprocessor for its data center customers.
 

Personal Data: Any information relating to an identified or identifiable natural person, including but not limited to names, email addresses, phone numbers, and billing information.
 

Data Controller: The entity that determines the purposes and means of processing personal data. CENTRA acts as a Data Controller for internal business data.  CENTRA does not act as a Data Controller for its data center customers.
 

Data Processor: An entity that processes Personal Data on behalf of a Data Controller. CENTRA’s Subprocessors act as Data Processors for the specific internal business purposes outlined above.

 

Processing: Any operation performed on personal data, including collection, storage, organization, structuring, use, disclosure, or deletion.

bottom of page