Sub-processors
Version: 1.0
Last updated: April 2026
Contact: legal@gatewaychecker.co.uk
Introduction
Gatewaychecker Ltd engages the sub-processors listed on this page to deliver the Gatewaychecker service. Each sub-processor has been selected based on their security standards, GDPR compliance posture, and contractual commitments to data protection.
Change notice commitment: We will provide at least 30 days' written notice before adding a new sub-processor that processes personal data, or making a material change to an existing sub-processor relationship. Customers with a signed Data Processing Agreement have the right to object to new sub-processors within the notice period.
Changes to this list are recorded in the Trust Documents Changelog. Customers may register to receive email notifications of sub-processor changes by contacting legal@gatewaychecker.co.uk.
Infrastructure Sub-processors
Supabase Inc.
| Field | Detail |
|---|---|
| Purpose | Database (PostgreSQL), authentication, file storage, edge functions |
| Data processed | All primary customer data: user accounts, organisation data, projects, submissions, documents, findings, audit logs |
| Location | AWS eu-west-1 (Ireland, EU) |
| DPA / Compliance | Supabase DPA (GDPR); SOC 2 Type II; ISO 27001 |
| Supabase privacy page | supabase.com/privacy |
Supabase acts as the primary data store for Gatewaychecker. All customer data is stored in the eu-west-1 AWS region. Row-Level Security (RLS) policies at the PostgreSQL layer enforce organisation-level data isolation.
Vercel Inc.
| Field | Detail |
|---|---|
| Purpose | Application hosting, serverless compute, CDN, CI/CD |
| Data processed | HTTP request data (including IP addresses), application logs; no persistent customer data stored by Vercel |
| Location | EU (Frankfurt) for primary data; Vercel edge nodes globally for CDN |
| DPA / Compliance | Vercel DPA (GDPR); SOC 2; ISO 27001 |
| Vercel privacy page | vercel.com/legal/privacy-policy |
Vercel hosts the Gatewaychecker web application. Customer submission data is not persisted in Vercel's infrastructure — it flows through to Supabase. Vercel processes request logs (including IP addresses) for up to 30 days.
AI Processing Sub-processors
OpenRouter Inc.
| Field | Detail |
|---|---|
| Purpose | AI model routing layer; proxies requests to Anthropic |
| Data processed | Document text (transient only — no storage after request completes) |
| Location | United States |
| DPA / Compliance | OpenRouter DPA; no retention of customer data |
| OpenRouter privacy page | openrouter.ai/privacy |
OpenRouter routes AI inference requests from Gatewaychecker to the Anthropic API. OpenRouter does not store or log customer document content after the inference request completes.
Anthropic PBC
| Field | Detail |
|---|---|
| Purpose | AI inference — analysis of documents against BSA Gateway 2 criteria |
| Data processed | Document text (transient only — inference only; no training) |
| Location | United States |
| DPA / Compliance | Anthropic API Terms of Service; no-training commitment |
| Anthropic privacy page | anthropic.com/privacy |
Anthropic provides the Claude Sonnet model used for Gateway 2 document analysis.
No-training commitment: Under Anthropic's API terms of service, data submitted via the API — including all document content submitted through Gatewaychecker — is not used to train, fine-tune, or improve Anthropic's models. Submitted document text is used solely for the inference call and is not retained by Anthropic after the response is returned.
This commitment applies to all document content including fire strategies, structural reports, competence declarations, and change control logs submitted by customers.
Communication Sub-processors
Resend Inc.
| Field | Detail |
|---|---|
| Purpose | Transactional email delivery: magic link authentication, collaborator invites, analysis completion notifications |
| Data processed | Recipient email address, email body content, delivery status |
| Location | EU (primary); US (backup delivery infrastructure) |
| DPA / Compliance | Resend DPA (GDPR); SOC 2 Type II |
| Resend privacy page | resend.com/privacy |
Resend processes email addresses and email body content for delivery purposes only. Email content may include project names and risk score summaries in notification emails; it does not include full document content or detailed findings.
Payment Sub-processors
Stripe Inc.
| Field | Detail |
|---|---|
| Purpose | Payment processing, subscription billing, invoicing |
| Data processed | Billing name, billing email, billing address, payment card data |
| Location | EU + United States |
| DPA / Compliance | Stripe DPA (GDPR); PCI-DSS Level 1 Service Provider |
| Stripe privacy page | stripe.com/privacy |
Card data isolation: Payment card details (card numbers, CVV, expiry dates) are entered directly into Stripe's PCI-DSS compliant hosted checkout page and never pass through Gatewaychecker servers. Gatewaychecker receives only a tokenised Stripe customer ID and subscription status. Gatewaychecker is out of scope for PCI-DSS cardholder data requirements.
Stripe processes billing information (name, email, address) for invoicing and fraud prevention purposes.
Optional Integration Sub-processors
The following sub-processor is engaged only when a customer explicitly enables the Microsoft 365 integration in their account settings.
Microsoft Corporation
| Field | Detail |
|---|---|
| Purpose | SharePoint and OneDrive document source integration |
| Data processed | Microsoft account email, OAuth access and refresh tokens, SharePoint file metadata, PDF file content (downloaded for analysis) |
| Location | EU (dependent on customer's Microsoft 365 tenancy) |
| DPA / Compliance | Microsoft Online Services DPA (GDPR); ISO 27001; SOC 2 |
| Microsoft privacy page | microsoft.com/privacy |
The Microsoft integration is opt-in and can be disconnected at any time from Settings → Integrations. On disconnection, all OAuth tokens are immediately deleted from Gatewaychecker's database.
PDF content imported via SharePoint follows the same processing pipeline as directly uploaded documents (see Data Flows). Anthropic's no-training commitment applies equally to documents imported via SharePoint.
Changes to This List
Gatewaychecker will notify customers of sub-processor changes via:
- Email notification to the organisation's account owner (at least 30 days before the change takes effect).
- Update to this page, with the change date recorded in the Trust Documents Changelog.
- Changelog entry at /changelog.
Customers who have signed a Data Processing Agreement with Gatewaychecker have the right to object to new sub-processors within the 30-day notice period. If a customer objects on reasonable data protection grounds and Gatewaychecker cannot address the objection, the customer may terminate their contract without penalty.
To register for sub-processor change notifications or to exercise objection rights: legal@gatewaychecker.co.uk
Data Processing Agreement
If your organisation requires a signed Data Processing Agreement covering Gatewaychecker's use of sub-processors, a template DPA is available on the Data Processing Agreement page. To execute a signed DPA, download the template, complete the customer details, and return to legal@gatewaychecker.co.uk.
Contact
Legal and DPA enquiries: legal@gatewaychecker.co.uk
Sub-processor change notifications: legal@gatewaychecker.co.uk