Sub-processors
The third parties below process Sigill.ai customer data on our behalf. Materially new sub-processors are announced here at least 30 days before they are introduced, so that customers under a data-processing agreement have a reasonable window to object.

| Sub-processor | Purpose | Data processed | Region |
|---|---|---|---|
| Amazon Web Services, Inc. | Cloud hosting — compute, database, KMS, secrets, transactional email | Account data, audit records, hashes, sealed documents in transit | EU (Stockholm, eu-north-1) |
| Stripe Payments Europe, Ltd. | Subscription billing and invoicing | Billing email, plan, payment metadata. Card data is never seen by Sigill. | EU |
| ZITADEL GmbH | Federated identity / SSO (Google, Microsoft Entra ID) | Email, OIDC claims, IdP metadata for tenants that enable SSO | EU (eu1.zitadel.cloud) |
| Cloudflare, Inc. | Turnstile bot protection on the public contact form only | IP address and browser fingerprint at form-submit time | Global edge |
| GitHub, Inc. (ghcr.io) | Container image registry for the API and frontend builds | No customer data — application images only | Global |

Transfers outside the EEA
Where a sub-processor operates outside the European Economic Area, the transfer relies on the EU Commission's Standard Contractual Clauses and — where the counterparty is established in the United States — the EU-US Data Privacy Framework. Sigill.ai itself is established in Norway (EEA) and runs its primary application data plane inside the EU.
What is not a sub-processor
Cryptographic counterparties — external Timestamp Authorities and Certificate Authorities — are not sub-processors in the GDPR sense. They never receive customer documents, only hashes (timestamping) or public-key certificate requests (CA issuance). They are documented under standards.
Notification
Customers on a paid plan with an executed data-processing agreement will be notified by email of new sub-processors at least 30 days before they begin processing. The notice period applies to materially new processors; routine regional capacity changes within an existing sub-processor (for example, AWS adding an availability zone inside eu-north-1) do not require a fresh notice.