Trust

Subprocessor Register

Version 2026-07-12.1

How to read this register

These providers may process customer personal data when the relevant feature is used. A provider's corporate location is not necessarily the only processing location. Contractual safeguards and transfer assessments are maintained as part of our supplier review. Customers should rely on their signed DPA for notice and objection terms.

ProviderPurpose and dataPrincipal locationTransfer position
Google CloudApplication hosting, databases, object storage, logging and secrets. Customer content and service metadata.Primary resources: London, UKUK primary hosting; limited support or service processing may involve other locations under contractual safeguards.
Amazon Web Services (AWS)Amazon Bedrock hosting of Anthropic's Claude model for extraction, comparison and drafting. Minimized workflow content and prompts are processed using direct in-region inference with Zero Data Retention. AWS states that third-party model providers cannot access Bedrock customer prompts or completions.London, UK (eu-west-2)Customer-content inference is restricted to the London in-region endpoint. European and global cross-region inference profiles are not used. Limited AWS support or security metadata may be processed elsewhere under applicable contractual safeguards.
MicrosoftEntra authentication and, when enabled, Microsoft Graph or mailbox integrations. Staff identity and feature-specific communications data.Global / customer tenant regionLocation depends on the customer's Microsoft tenant and service; applicable Microsoft terms and transfer safeguards apply.
StripeSubscription billing, invoices and payment status. Business contact and transaction information; card data is handled by Stripe.GlobalStripe's applicable UK data-transfer safeguards apply.
CloudflareDelivery and protection of the public marketing website. Network request and security metadata.Global networkCloudflare's applicable UK data-transfer safeguards apply.

Changes and questions

We version this register and provide notice of intended new subprocessors as required by the customer DPA. Contact privacy@sencoai.co.uk for the contractual register, transfer information or to use the DPA objection process.