Legal
Sub-processors
Last updated: June 2026
This page lists every third-party service (“sub-processor”) that Softfox Ltd engages to deliver the Safeguard platform and that may process personal data on behalf of our customers. It is maintained in accordance with our Data Processing Agreement.
We will notify customers with 7 days' notice before adding or replacing a sub-processor. Updates are reflected in the “Last updated” date above.
| Name | Purpose | Location | Certifications |
|---|---|---|---|
| Heroku (Salesforce) | Infrastructure and hosting — all application data is stored here | EU (Ireland) | ISO 27001, SOC 2 Type II |
| Auth0 (Okta) | Authentication — processes email addresses and session tokens for login | EU | ISO 27001, SOC 2 Type II |
| Cloudflare | File storage — DBS certificates and Chaperone licence PDFs are stored in Cloudflare R2 object storage; files are encrypted at rest and only accessible via short-lived signed URLs | EU (Western Europe) | ISO 27001, SOC 2 Type II |
| Stripe (Stripe Payments Europe, Ltd) | Payment processing — subscription billing and card payments; card details are sent directly to Stripe and are never stored by Softfox | EU (Ireland) | PCI DSS Level 1, SOC 2 Type II |
| Resend | Transactional email delivery — sends account, invitation, and notification emails; processes recipient email addresses and message content | US (Standard Contractual Clauses) | SOC 2 Type II |
| Better Stack | Log management — aggregates application and platform logs for operational monitoring and troubleshooting; logs may contain limited personal data such as IP addresses | EU | ISO 27001 |
Full certification details and data processing addenda are available from each sub-processor directly. Contact us at hello@softfox.com if you need copies.