Saont™ Subprocessors

Legal

1. Scope and control

Saont™ uses a limited number of infrastructure providers to operate, secure, and deliver the Service. Each provider is subject to contractual data protection obligations and is restricted to defined processing purposes only.

All subprocessors are selected based on security, necessity, and operational integrity. Saont™ does not permit subprocessors to use personal data for their own independent purposes where acting as processors.

2. Role classification

Each provider operates under one of the following roles:

Subprocessor: processes personal data strictly on behalf of Saont™
Independent controller: processes data under its own legal obligations
Mixed role: acts as both depending on function

3. Authorised subprocessors

Cloudflare, Inc.

Role: Subprocessor
Purpose: Security, CDN, DNS, traffic filtering
Data: IP address, request metadata, device data
Location: Global (incl. US)
Safeguards: UK IDTA / SCCs with UK Addendum

Render Services, Inc.

Role: Subprocessor
Purpose: Application hosting
Data: Operational data, logs, identifiers
Location: United States
Safeguards: UK IDTA / SCCs

MongoDB Atlas

Role: Subprocessor
Purpose: Database hosting
Data: Account, audit logs, operational data
Location: EEA (Ireland)
Safeguards: EEA hosting + contractual controls

Clerk, Inc.

Role: Subprocessor
Purpose: Authentication
Data: Session data, identifiers
Location: United States
Safeguards: UK IDTA / SCCs

Stripe, Inc.

Role: Mixed (Processor + Independent Controller)
Purpose: Billing and payment processing
Data: Billing identifiers, transaction data
Location: Global
Safeguards: Regulatory + contractual safeguards

Google LLC

Role: Independent Controller
Purpose: Email infrastructure
Data: Email metadata and content
Location: Global
Safeguards: UK IDTA / SCCs

Postmark

Role: Subprocessor
Purpose: Transactional email delivery
Data: Email address, message metadata
Location: United States
Safeguards: UK IDTA / SCCs

4. International transfers

Where data is transferred outside the UK or EEA, Saont™ applies appropriate safeguards including the UK International Data Transfer Agreement or Standard Contractual Clauses with UK Addendum.

5. Change management

Saont™ may update subprocessors where necessary. Changes are reflected on this page and governed by the Saont™ Data Processing Agreement.

6. Restrictions

Subprocessors are contractually restricted to:

processing data only on Saont™ instructions
maintaining confidentiality
implementing appropriate security controls