Sub-processors
Last updated: 2026-04-30
This page lists the third-party providers (sub-processors) that handle personal data on behalf of CalProof to deliver the service. CalProof is a trading name of Crocker Digital Ltd, registered in England and Wales under Company No. 17008789. We act as the data controller; the sub-processors below act as data processors under contract with us.
We will give active customers at least 30 days' notice by email before adding a new sub-processor that handles personal data, or before changing an existing sub-processor in a way that materially affects how your data is processed. If you object to a planned change, you can cancel your subscription before it takes effect and we will refund any unused prepaid fees on a pro-rata basis.
1. Current sub-processors
| Sub-processor | Purpose | Data categories | Region | Source-of-truth doc |
|---|---|---|---|---|
| Supabase (Postgres + Auth + Storage) | Application database, user authentication, certificate file storage | Account email, name, calibration data, certificate PDFs, audit log | eu-west-2 (London) | SUBPROCESSORS.md |
| Stripe Payments Europe | Payment processing, subscription billing | Payment method (tokenised), billing email, invoices | EU | SUBPROCESSORS.md |
| Resend (Mailable Inc.) | Transactional + lifecycle email delivery | Email address, message body, deliverability metadata | EU | SUBPROCESSORS.md |
| Microsoft 365 (shared mailbox) | Inbound support email at support@calproof.co.uk | Inbound email content + metadata | EU | SUBPROCESSORS.md |
| Sentry (Functional Software, Inc.) | Error monitoring + stack traces | Stack traces, request URL, user_id (if logged in) — no payload bodies | US (sub-processor under SCCs) | SUBPROCESSORS.md |
| Cloudflare Turnstile | Bot detection on signup | IP address, browser headers (transient) | EU | SUBPROCESSORS.md |
| Netlify | Static + serverless hosting + CDN | Request logs (IP, user-agent, URL — 7-day window) | US (CDN edge global) | SUBPROCESSORS.md |
| GoatCounter (anonymous analytics) | Page-view counts | Anonymous, no cookies, no IP retention beyond 24h | EU | SUBPROCESSORS.md |
| Upstash Redis | Rate limiting + token bucket | Hashed identifier (IP or user_id), counter | EU | SUBPROCESSORS.md |
2. Sub-processor detail
2.1 Supabase
Supabase provides our managed Postgres database, authentication system, and certificate-PDF storage. Account data, calibration data, certificate PDFs, and the audit log live in Supabase. Our project runs in the eu-west-2 (London) region. Supabase is operated by Supabase Inc., a US-incorporated company; the underlying infrastructure for our project is AWS in the UK. Personal data is encrypted at rest and in transit. Supabase is contracted under a Data Processing Addendum with the UK GDPR-aligned standard contractual clauses where applicable.
2.2 Stripe Payments Europe
Stripe processes subscription payments, manages payment methods, and issues invoices. Stripe receives the billing email you provide, the country and address fields needed for tax, and the tokenised payment method; we never see or store full card details. Stripe Payments Europe Ltd is based in Ireland and operates within the EU for European customers. Stripe is owned by Stripe, Inc., headquartered in the United States.
2.3 Resend
Resend delivers transactional and lifecycle emails on our behalf, including welcome messages, payment receipts, password resets, and the day-23 cancellation reminder. Resend receives the recipient's email address, the rendered message body, and deliverability metadata such as bounce and complaint signals. Resend is operated by Mailable Inc., headquartered in the United States; processing for our account uses EU infrastructure.
2.4 Microsoft 365
We use a Microsoft 365 shared mailbox to receive inbound email at support@calproof.co.uk. Anything you send to that address arrives in Microsoft 365, where the small number of staff who handle support can read and reply. Microsoft 365 receives the inbound email content and metadata. The Microsoft 365 tenant is configured for EU residency. Microsoft Ireland Operations Limited is the contracting entity; Microsoft Corporation is the ultimate parent.
2.5 Sentry
Sentry captures application errors and forwards stack traces so we can investigate problems quickly. Sentry receives the stack trace, the URL of the failing request, and the user_id of the signed-in user if there is one. We do not forward request bodies, customer data, or certificate content to Sentry. Sentry events are retained for 90 days. Sentry is operated by Functional Software, Inc., headquartered in the United States. Transfers rely on the standard contractual clauses approved by the UK Information Commissioner's Office.
2.6 Cloudflare Turnstile
Cloudflare Turnstile is the bot-detection challenge that protects the signup form from automated abuse. Turnstile briefly receives the visitor's IP address and standard browser headers when the challenge is solved. The data is transient and is not used to build a profile of the visitor. Turnstile processing for our account uses EU edge infrastructure. Cloudflare, Inc. is headquartered in the United States; Cloudflare Limited is the UK contracting entity.
2.7 Netlify
Netlify hosts the static and serverless parts of CalProof and serves traffic through its global content-delivery network. Netlify receives standard web request logs — IP address, user agent, and URL — which it retains for a 7-day rolling window. CDN edge nodes outside the UK and EU may serve cached static assets; transfers rely on the standard contractual clauses. Netlify, Inc. is headquartered in the United States.
2.8 GoatCounter
GoatCounter measures aggregate page-view counts. It is configured in cookieless mode, does not retain IP addresses beyond 24 hours, and does not allow individual users to be re-identified across sessions. GoatCounter is operated by Martin Tournoij as a sole proprietorship in the Republic of Ireland; data is hosted in the EU.
2.9 Upstash Redis
Upstash provides the Redis instance behind our rate limiter. The rate limiter stores a counter keyed on a hashed identifier (your IP address or, when you are signed in, a hash of your user_id). No application data passes through Upstash. Upstash, Inc. is headquartered in the United States; our instance runs on EU infrastructure.
3. Notice of changes
The list above is current as of the "Last updated" date at the top of this page. We will give active customers at least 30 days' notice by email before:
- adding a new sub-processor that handles personal data;
- removing a sub-processor in a way that affects how your data is handled;
- changing the region in which an existing sub-processor handles your data.
Notices will be sent from a calproof.co.uk address and will be posted on this page on the same day. If you would like to be added to a separate notification list for sub-processor changes, please email privacy@calproof.co.uk.