| Google Workspace Google LLC |
Primary email, calendar, and document collaboration. Operator-facing correspondence and engagement coordination. |
Email content, calendar metadata, shared documents when operator chooses Google Drive for transfer. |
United States |
| AWS Amazon Web Services, Inc. |
Hosting for VitaCoreX-operated tooling and the API layer that backs intake forms and workflow automation. |
Intake form content, workflow metadata, structured engagement records. Not document storage for operator files by default. |
United States (us-east-1) |
| Render Render Services, Inc. |
Managed platform for the public API endpoint (vcx-api.onrender.com) that handles intake submissions and webhook routing. |
Intake form submissions in transit. No document payloads. Data forwarded to CRM and durable storage within minutes. |
United States |
| Stripe Stripe Payments Company |
Payment processing for engagement invoicing. PCI DSS Level 1 service provider. |
Billing contact name, email, and payment method metadata. VitaCoreX does not see or store raw card data — Stripe handles it directly. |
United States |
| HubSpot HubSpot, Inc. |
CRM and pipeline management for operator contacts, engagement status, and follow-up scheduling. |
Operator contact details, engagement stage, correspondence metadata. No engagement document contents. |
United States |
| DocuSign DocuSign, Inc. |
Electronic signature for NDAs, engagement letters, and certificates of destruction. Used only when an operator requests e-sign. |
Signer name, signer email, signed document, audit trail. Used for execution artifacts only, not for engagement working files. |
United States |
| Cloudflare Cloudflare, Inc. |
DNS, CDN, and edge protection for vitacorexllc.com and related subdomains. |
Request metadata (IP address, user agent) for the marketing site. No form-submitted content routes through Cloudflare by default. |
United States (global edge) |
| Google Analytics 4 Google LLC |
Anonymized site traffic analytics for the public marketing pages only. |
Page view events, referrer, device class. No personally identifying form data. IP anonymization enabled. |
United States |