SecurityPassport
Request access
Legal

Subprocessor List

Review the categories of third-party providers that may support SecurityPassport infrastructure, storage, communications, billing, monitoring, and platform operations.

ContactPrivacy policy
Transparency
Subprocessor categories for procurement review.
Privacy
Connected to DPA and privacy review workflows.
Security
Operational providers aligned to platform delivery.
Trust

Subprocessor review context for enterprise procurement.

Infrastructure
Object storage
Email delivery
Payment processing
Monitoring
Authentication
Legal

Subprocessor List

Subprocessor List

SecurityPassport

Last updated: June 3, 2026

1. Purpose

This Subprocessor List describes third-party providers that may support the operation, security, delivery, billing, monitoring, or communication workflows of SecurityPassport.

SecurityPassport uses subprocessors only where necessary to provide the platform, support customer workspaces, maintain service reliability, process payments, deliver communications, operate infrastructure, or protect the service.

2. Scope

Subprocessors may process limited customer data, account data, operational metadata, security logs, billing data, or service communication data depending on the service they provide.

SecurityPassport remains responsible for its subprocessors under applicable agreements and data protection obligations.

3. Subprocessor Categories

CategoryPurposeData Processed
Cloud infrastructureHosting application, databases, runtime services, and production workloadsCustomer workspace data, operational metadata, account data
Object storageStoring uploaded evidence, exports, attachments, and generated filesCustomer-controlled files and metadata
Email deliverySending authentication, notification, support, and service emailsEmail address, message metadata, service messages
Payment processingProcessing subscriptions, invoices, and billing eventsBilling contact data, payment metadata
Monitoring and loggingReliability, security monitoring, diagnostics, and incident investigationOperational logs, request metadata, error data
Authentication and identityLogin, session, and identity-related workflowsAccount identifiers, authentication metadata

4. Security and Contractual Controls

SecurityPassport evaluates subprocessors based on the role they perform, the data they process, and the security or operational risk they introduce.

Subprocessors are expected to maintain appropriate technical and organizational controls, confidentiality obligations, access restrictions, and data protection commitments.

5. International Transfers

Where subprocessors process personal data outside the European Economic Area, SecurityPassport relies on appropriate transfer safeguards such as Standard Contractual Clauses, adequacy decisions, or other lawful transfer mechanisms where applicable.

6. Updates

SecurityPassport may update this list when subprocessors are added, removed, or materially changed.

Customers with contractual notification rights may receive notice according to their agreement.

7. Contact

Questions about subprocessors may be sent to:

SecurityPassport
Rue Elisabeth
5030 Gembloux
Belgium

Email: hello@securitypassport.com

Next step

Need subprocessor or DPA clarification?

Contact SecurityPassport for privacy, legal, security, or procurement review.

ContactView privacy policy