**Tags**: #MemberData #Transparency #Vendors > [!info] > This information is shared as part of Decombine's commitment to [[Open Core]] practices. Decombine publicly discloses its vendors to establish and maintain trust. Furthermore, we explicitly outline what Member data is transmitted to what vendors. Our commitment to you: - We do not share data without your explicit permission. - We do not share data without an explicit reason outlined. - We do not share any more than the data required to complete a process or meet a regulatory requirement on your behalf. - We minimize the vendors we use in our supply chain to limit the scope of parties that could ever potentially receive your data. ## Diagrams Decombine maintains the following architecture diagrams for the public and our Members to have insight into how Decombine uses Member data in our services. These are approximate representations of processes and the data used for each. If data is not listed below with a vendor, that means it is stored and encrypted by Decombine on confidential compute systems that we operate with a cloud service provider. The cloud service provider **does not** have access to this data. ## Vendors and Member data ### Regional vs. Global **Regional** Decombine is committed to ensuring Member data is isolated to the specific region selected by Members for that respective data. Some vendor services may be used globally (as in some data is ingested globally), but most are isolated to a service that is scoped to a specific region. A specific breakdown of how this information is separated is available at [[Regional data isolation]]. **Global** A Global service implies that the server receiving or sending information may be located anywhere, generally in order to provide specific guarantees (uniqueness, access speed, etc.). Services that are isolated to a region will generally have the region identifier appended to the end of the service name (such as US for United States or EU for European Union). ## Vendors ### Microsoft Corporation Decombine uses Microsoft Corporation's Azure Cloud as its initial core cloud services provider (CSP) to operate our software services. #### Vendor Services ##### Azure Communication Services (by region) Email is handled by Azure Communication Services (ACS). Decombine **does** store Member email values in order to create and manage a Profile on [decombine.com](https://decombine.com). ACS is used to transmit account and service notifications to Members. Decombine delegates Email to Azure Communication Services because: - Email is challenging to reliably deliver due to the need to combat spam and fraud. Many services will not trust any but the largest senders of email. - It is preferable to use ACS as opposed to another service that is designed for marketing, as your information may be used by that service provider for their own purposes. ```mermaid erDiagram Azure-Communication-Services }|..|{ Email : has Azure-Communication-Services ||--o{ Sending-Emails : "Liable for" ``` ##### Azure Public DNS Domain Name System (DNS) requests for Decombine services is handled by Azure Public DNS. Decombine delegates DNS to Azure Public DNS because: - Public DNS is required to provide Decombine services. It is preferred to manage DNS with the rest of our services as opposed to entrusting an additional vendor with this information. ```mermaid erDiagram Azure-Public-DNS }|..|{ IP-Address : has Azure-Public-DNS ||--o{ Resolving-Traffic-Destination : "Liable for" ```