Sub-processors
Effective starting:
Account owner and system administrator specific sub-processors
Sub-processor services we use to engage and support your organisation. Registrants, contacts and instructors do not make use of these services.
| Sub-processor | Business location | Data processing location(s) | Description of services provided |
|---|---|---|---|
| Hubspot https://www.hubspot.com | Ireland | Germany | Software products for inbound marketing, sales, and customer service. Processes personal data. Uses Standard Contractual Clauses. Technical security measures: https://www.hubspot.com/security |
| Stripe https://stripe.com | San Francisco, California, US | EU & US regions (depending on payment method) | Payment processing infrastructure used for managing payments, payouts, connected accounts, and financial reporting. Processes personal and financial data. Uses Standard Contractual Clauses. Security measures: https://stripe.com/docs/security |
| Xero https://www.xero.com/uk | London, United Kingdom | United Kingdom (primary), EU & Global (as required for specific services) | Cloud accounting platform used for invoicing, financial reconciliation, and payment tracking. Data for UK organisations is primarily hosted in AWS UK data centres. Processes customer, billing, and financial data. Uses Standard Contractual Clauses. Security measures: https://www.xero.com/uk/about/security |
All user sub-processors
Sub-processor services we use to engage and support your organisation, your trainings, your instructors and your registrants.
| Subprocessor | Business location | Data processing location(s) | Description of services provided |
|---|---|---|---|
| Vercel https://www.vercel.com/home | San Francisco, California, US | Germany (Frankfurt) | Cloud hosting infrastructure for the whole application stack. Processes personal data. Uses Standard Contractual Clauses. Technical security measures: https://vercel.com/legal/dpa (see Schedule 2 of DPA) |
| Resend https://www.resend.com | San Francisco, California, US | Ireland (Dublin) | Email sending service. Processes personal data used in the delivery and communication of email messages. Uses Standard Contractual Clauses. Technical security measures: https://resend.com/legal/dpa (see Exhibit C of DPA) |
| AWS (Amazon Web Services) https://aws.amazon.com | Seattle, Washington, US | Germany (Frankfurt) | Used for file and image storage (Amazon S3). Processes uploaded documents, assets, and related metadata. Uses Standard Contractual Clauses. Technical security measures: • Strengthened commitments for EU data transfers: https://aws.amazon.com/blogs/security/aws-and-eu-data-transfers-strengthened-commitments-to-protect-customer-data • Security practices overview: https://aws.amazon.com/security |
| Neon https://neon.tech | San Francisco, California, US | Germany (Frankfurt) | Cloud PostgreSQL database hosting. Stores and processes application data, including user account information, training data, and registrant records. Uses Standard Contractual Clauses. Technical security measures documented in Annex C of the Neon Data Processing Addendum (DPA): https://neon.com/dpa |
| Trigger.dev https://trigger.dev | Boston, Massachusetts, US | Germany (Frankfurt) | Background job orchestration for long-running tasks (broadcast emails, generating documents, automated workflows). Processes personal data as part of job execution. Uses Standard Contractual Clauses. Technical security measures documented in Annex 2 of their Data Processing Addendum: https://trigger.dev/legal |