Sign In Get Started

Back to Trust Center

Subprocessors

The third-party services we use to operate EffortlessRisk. Each subprocessor has agreed to data protection terms appropriate to the data they handle.

Customers will receive notification at least 30 days before any new subprocessor is engaged or any existing subprocessor is replaced.

Vercel

Application hosting, serverless compute, CDN

Website Their DPA

Data Handled: All application traffic and request metadata
Location: United States (global edge)
Certifications: SOC 2 Type 2, ISO 27001, GDPR DPA

Supabase

Primary database (PostgreSQL), authentication, file storage

Website Their DPA

Data Handled: Customer accounts, vendor records, assessments, activity logs
Location: United States (us-east region)
Certifications: SOC 2 Type 2, HIPAA-eligible, GDPR DPA

Stripe

Payment processing and subscription billing

Website Their DPA

Data Handled: Billing email, payment method (tokenized), invoice history
Location: United States
Certifications: PCI DSS Level 1, SOC 1, SOC 2, ISO 27001, GDPR DPA

OpenAI

AI-powered risk scoring and assessment generation (GPT-4)

Website Their DPA

Data Handled: Vendor names, descriptions, public business data submitted for analysis
Location: United States
Certifications: SOC 2 Type 2, GDPR DPA. Zero data retention on API tier — prompts not used for model training.

Perplexity

Real-time web search and adverse media research

Website Their DPA

Data Handled: Vendor names submitted as search queries
Location: United States
Certifications: SOC 2 Type 2, GDPR DPA

Resend

Transactional email delivery (account, notifications, questionnaires)

Website Their DPA

Data Handled: Recipient email addresses, message content
Location: United States
Certifications: GDPR DPA, SOC 2 Type 2

OpenSanctions

Sanctions, PEP, and watchlist screening

Data Handled: Vendor and individual names submitted for screening
Location: European Union (Germany)
Certifications: Public-data aggregator, GDPR-compliant

SEC EDGAR (U.S. Securities and Exchange Commission)

Public company verification and financial filings lookup

Data Handled: Company names submitted as search queries
Location: United States (government)
Certifications: Public government data source

Companies House (UK Government)

UK company verification, officer and beneficial owner data

Data Handled: UK company names submitted as search queries
Location: United Kingdom (government)
Certifications: Public government data source

Questions or change requests?

Email security@effortlessrisk.com for subprocessor objections, change notifications, or related compliance inquiries.