SigSlayer Subprocessor List
Last Updated: 2025-12-14
This Subprocessor List identifies third parties (“Subprocessors”) authorized by SigSlayer, a sole proprietorship (enskild firma) established in Sweden, to process personal data and/or customer data in connection with the SigSlayer service.
This list is maintained in accordance with:
- GDPR Article 28
- ISO/IEC 27001 requirements for supplier relationships and information security controls
- The SigSlayer Enterprise Addendum (DPA + EU SCCs)
SigSlayer performs risk-based due diligence on Subprocessors and remains responsible for the protection of data processed on its behalf.
Scope and Purpose
Subprocessors are engaged solely to support the provision, operation, and security of the SigSlayer service.
Each Subprocessor is contractually required to implement appropriate technical and organizational security measures.
SigSlayer does not permit Subprocessors to process data for their own purposes.
Authorized Subprocessors
Infrastructure, Hosting, and Data Storage
Supabase, Inc.
- Service Function: Application hosting, authentication, database, and file storage
- Data Categories: Account data, Customer Content, service metadata
- Processing Locations: United States
- Security Controls: Logical access controls, encryption in transit and at rest (where applicable), tenant isolation
AI and Automated Processing Services
OpenRouter
- Service Function: AI inference for document analysis, transformation, and response generation
- Data Categories: Customer Content submitted for AI processing
- Processing Locations: United States
- Security Controls: Encrypted transmission, restricted processing scope
Customer Content is not used to train shared or public AI models.
Payment and Billing
Stripe, Inc.
- Service Function: Subscription management and payment processing
- Data Categories: Billing contact information, transaction metadata
- Processing Locations: United States
- Security Controls: PCI-DSS–aligned controls
SigSlayer does not store full payment card details.
Email and Service Communications
Resend (or equivalent transactional email provider)
- Service Function: Transactional and service-related email delivery
- Data Categories: Email address, message metadata
- Processing Locations: United States
- Security Controls: Transport encryption, access controls
Monitoring, Logging, and Incident Detection
Sentry (or equivalent monitoring provider)
- Service Function: Application monitoring, error tracking, and diagnostics
- Data Categories: Log data and diagnostic metadata (may include limited personal data)
- Processing Locations: United States
- Security Controls: Role-based access, data minimization, encrypted transport
Supplier Risk Management
SigSlayer maintains a supplier management process aligned with ISO/IEC 27001, including:
- Risk-based assessment prior to onboarding Subprocessors
- Contractual data protection and confidentiality obligations
- Periodic review of Subprocessor suitability
- Limitation of Subprocessor access to the minimum necessary
Subprocessor Changes
SigSlayer may add, remove, or replace Subprocessors as necessary to operate the service.
Material changes to this list will be communicated by:
- Updating this page, and/or
- Notifying customers through the service where required by applicable law
Customer Questions and Objections
Customers may submit questions or objections regarding Subprocessors by contacting:
SigSlayer will evaluate objections in good faith and may propose reasonable alternatives where feasible.
Related Documents
This Subprocessor List should be read together with: