Sub-processors
The third-party providers Certivus Compliance Ltd uses to deliver the Certivus platform and this website. Last updated: 7 July 2026
Every provider below is bound by a written data processing agreement, processes personal data only on documented instructions, and — where processing happens outside the UK or EEA — is covered by UK adequacy regulations, the UK International Data Transfer Agreement, or the UK Addendum to the EU Standard Contractual Clauses. Our Privacy Policy explains the roles and purposes in full.
Platform sub-processors
Used to deliver the Certivus compliance platform, including identity verification checks instructed by customer firms.
| Provider | Purpose | Personal data | Location | Transfer safeguard |
|---|---|---|---|---|
| Identity verification and screening data partners (including UK credit reference agencies) | Document, biometric, database, and PEP/sanctions screening checks instructed by customer firms | End-client identity data submitted for verification | United Kingdom | Data processing terms in partner agreements; named partner list available to customers via the DPO |
| Supabase | Platform database, authentication, and storage | Customer account data and compliance records | United Kingdom | Data processing agreement |
| Vercel | Website and application hosting, content delivery | Site usage data, IP addresses | Global edge network (US company) | DPA with EU SCCs + UK Addendum |
| Stripe | Payment processing for subscriptions | Billing contact and payment details | UK / EEA (US parent) | DPA with EU SCCs + UK Addendum |
| Resend | Transactional and notification email delivery | Names, email addresses, message content | United States | DPA with EU SCCs + UK Addendum |
Website and marketing providers
Used on certivus.com. Analytics and marketing providers only activate with your cookie consent — see our Cookie Policy.
| Provider | Purpose | Personal data | Location | Transfer safeguard |
|---|---|---|---|---|
| Google (Analytics 4) | Website analytics — only after analytics consent | Usage data, cookie identifiers | EEA / United States | Google Ads Data Processing Terms (SCCs + UK Addendum) |
| Plausible Analytics | Cookieless aggregate analytics | Aggregate page statistics only — no personal identifiers | European Union | UK adequacy (EU) |
| Meta Platforms | Advertising measurement — only after marketing consent | Cookie identifiers, event data | EEA / United States | Meta data processing terms (SCCs + UK Addendum) |
| Apollo.io | B2B visitor identification and marketing attribution — only after marketing consent | Business contact and firmographic signals | United States | DPA with EU SCCs + UK Addendum |
| Rajoka group shared services (AIOS) | Lead handling, demo booking, and internal marketing analytics | Enquiry and lead details you submit | United Kingdom | Intra-group data sharing terms |
Changes to this list
We update this page before engaging a new sub-processor that will handle customer or end-client personal data, and notify customers in line with their data processing addendum, giving them the opportunity to object. Customers can request the detailed sub-processor register — including the named identity verification and data partners for their plan — from support@certivus.com or our DPO at dpo@harveyslegal.com.