Sub-processors
Last updated: 26 March 2026
AnswerVault uses the following third-party services ("sub-processors") to provide the Service. Each sub-processor has a data processing agreement (DPA) in place with Crocker Digital Ltd.
We will update this page when we add or change sub-processors. Registered users will be notified of changes by email.
Current sub-processors
| Service | Purpose | Data processed | Primary location | DPA |
|---|---|---|---|---|
| Supabase | Database, user authentication, file storage | Account data, ESG facts, documents, questionnaire responses, session tokens | EU (Frankfurt) | Supabase DPA |
| Stripe | Payment processing and subscription management | Name, email, payment card details, billing history | EU / US | Stripe DPA |
| Resend | Transactional email delivery | Email address, message content (password resets, billing alerts, account notifications) | US | Resend DPA |
| GoatCounter | Privacy-focused website analytics | Anonymous page views only. No personal data, no cookies, no IP storage. | EU | Cookie-free; no personal data processed |
| Netlify | Website and application hosting | Server access logs (IP address, request URL, user agent) | US / EU | Netlify DPA |
| Sentry | Application error monitoring | Error stack traces, anonymised usage context. No user content or personal data in normal operation. | US | Sentry DPA |
International transfers
Where sub-processors process data outside the UK or EU/EEA, appropriate safeguards are in place (Standard Contractual Clauses or equivalent mechanisms as required by UK GDPR).
Changes to this list
If we add a new sub-processor or change how an existing one processes data, we will:
- Update this page.
- Notify registered users by email at least 14 days before the change takes effect.
If you object to a new sub-processor, contact us at support@answervault.co.uk within the notice period.
Contact
Questions about our sub-processors? Contact us at support@answervault.co.uk.