Sub-processors

The third-party providers Certivus Compliance Ltd uses to deliver the Certivus platform and this website. Last updated: 7 July 2026

Every provider below is bound by a written data processing agreement, processes personal data only on documented instructions, and — where processing happens outside the UK or EEA — is covered by UK adequacy regulations, the UK International Data Transfer Agreement, or the UK Addendum to the EU Standard Contractual Clauses. Our Privacy Policy explains the roles and purposes in full.

Platform sub-processors

Used to deliver the Certivus compliance platform, including identity verification checks instructed by customer firms.

ProviderPurposePersonal dataLocationTransfer safeguard
Identity verification and screening data partners (including UK credit reference agencies)Document, biometric, database, and PEP/sanctions screening checks instructed by customer firmsEnd-client identity data submitted for verificationUnited KingdomData processing terms in partner agreements; named partner list available to customers via the DPO
SupabasePlatform database, authentication, and storageCustomer account data and compliance recordsUnited KingdomData processing agreement
VercelWebsite and application hosting, content deliverySite usage data, IP addressesGlobal edge network (US company)DPA with EU SCCs + UK Addendum
StripePayment processing for subscriptionsBilling contact and payment detailsUK / EEA (US parent)DPA with EU SCCs + UK Addendum
ResendTransactional and notification email deliveryNames, email addresses, message contentUnited StatesDPA with EU SCCs + UK Addendum

Website and marketing providers

Used on certivus.com. Analytics and marketing providers only activate with your cookie consent — see our Cookie Policy.

ProviderPurposePersonal dataLocationTransfer safeguard
Google (Analytics 4)Website analytics — only after analytics consentUsage data, cookie identifiersEEA / United StatesGoogle Ads Data Processing Terms (SCCs + UK Addendum)
Plausible AnalyticsCookieless aggregate analyticsAggregate page statistics only — no personal identifiersEuropean UnionUK adequacy (EU)
Meta PlatformsAdvertising measurement — only after marketing consentCookie identifiers, event dataEEA / United StatesMeta data processing terms (SCCs + UK Addendum)
Apollo.ioB2B visitor identification and marketing attribution — only after marketing consentBusiness contact and firmographic signalsUnited StatesDPA with EU SCCs + UK Addendum
Rajoka group shared services (AIOS)Lead handling, demo booking, and internal marketing analyticsEnquiry and lead details you submitUnited KingdomIntra-group data sharing terms

Changes to this list

We update this page before engaging a new sub-processor that will handle customer or end-client personal data, and notify customers in line with their data processing addendum, giving them the opportunity to object. Customers can request the detailed sub-processor register — including the named identity verification and data partners for their plan — from support@certivus.com or our DPO at dpo@harveyslegal.com.