Sub-processors
The third-party providers Standwyse engages to deliver the Service, the personal data each receives, where it is processed, and the safeguard relied on for any transfer outside the UK/EEA.
Effective 2026-06-23.
Current sub-processors
We share personal data with the sub-processors below strictly to provide the Service. This list is the canonical record and is kept consistent with our Data Processing Agreement and Privacy Policy.
| Sub-processor | Purpose | Region | Transfer safeguard |
|---|---|---|---|
| Supabase | Database, authentication, and document storage (our primary data store). | United Kingdom (London) | Within UK/EEA |
| Vercel | Application hosting; processes request data and server logs. | United Kingdom (London) | Within UK/EEA |
| Anthropic | AI document extraction and assistance; receives document content and AI conversation context. Not used to train models. | United States | SCCs + UK IDTA |
| OpenAI | AI assistance features; receives the context sent to the model for AI-assisted responses. Not used to train models. | United States | SCCs + UK IDTA |
| Inngest | Background job orchestration (such as document review runs and data-export jobs); receives job identifiers and event payloads. | United States | SCCs + UK IDTA |
| Resend | Transactional email delivery; receives recipient address and message content. | United States | SCCs + UK IDTA |
| Stripe | Payment processing; receives billing contact and payment details. Card data is collected by Stripe directly and never touches Standwyse servers. | United States / global | SCCs + UK IDTA |
| Sentry | Error monitoring; receives diagnostic data with a PII redaction filter applied. | European Union | Within UK/EEA |
| PostHog | Product analytics; server-side events keyed by identifiers, with client-side capture only after cookie consent. | European Union | Within UK/EEA |
| HubSpot | CRM integration (optional, organiser-enabled); when an organiser connects HubSpot, we exchange OAuth tokens with HubSpot and receive their exhibitor company and contact records to import into Standwyse. | United States | SCCs + UK IDTA |
International transfers
Some sub-processors are located outside the UK/EEA. Where personal data is transferred internationally, we rely on appropriate safeguards such as the UK International Data Transfer Agreement/Addendum and the EU Standard Contractual Clauses, as reflected in each provider’s data processing terms and shown in the “Transfer safeguard” column above. “Within UK/EEA” indicates no restricted transfer applies.
Changes and notice
Under our Data Processing Agreement, the Customer (the event organiser, as controller) gives general authorisation for these sub-processors. We give reasonable advance notice — at least 30 days for material changes — of any intended addition or replacement, allowing the Customer to object on reasonable data-protection grounds. To be notified of changes, or to raise an objection, contact privacy@standwyse.com.