Sub-processors
Last updated: March 2026
AssessKit is operated by Crocker Digital Ltd (Company No. 17008789), a company registered in England and Wales.
Disclaimer: This document is provided for informational purposes and does not constitute legal advice. You should consult a qualified solicitor if you require formal legal guidance.
Overview
AssessKit uses a limited number of third-party service providers (sub-processors) to help deliver the service. These providers process data on our behalf and under our instructions. We select providers that maintain appropriate security and data protection standards.
This page lists all sub-processors that may process personal data or user-generated content as part of delivering AssessKit.
Sub-processor List
| Sub-processor | Purpose | Data Processed | Location(s) |
|---|---|---|---|
| Supabase | Database, authentication, and file storage | Account data (name, email, hashed passwords), organisation details, assessment data, uploaded photos, generated reports | EU / US |
| Netlify | Website and application hosting, CDN | Application code, static assets, request logs (IP addresses, user agent) | US / EU |
| Stripe | Payment processing and subscription management | Billing name, billing address, payment card details (held by Stripe — we do not store card numbers), payment history, subscription status | US / EU |
| Resend | Transactional email delivery | Recipient email address, email subject and body content (e.g., password resets, billing confirmations) | US |
| GoatCounter | Website analytics | Anonymised page view data only — no personal data, no cookies, no user tracking | EU |
Notes
-
Supabase hosts our primary database and file storage. All assessment data, client records, and uploaded files are stored through Supabase. Authentication (sign-in/sign-up) is also handled by Supabase Auth.
-
Netlify hosts the AssessKit web application and serves it via a content delivery network (CDN). Netlify may process standard web request data (such as IP addresses) in its server logs.
-
Stripe handles all payment processing. We do not store your card number, expiry date, or CVC on our own systems. This data is held and processed directly by Stripe, which is PCI DSS Level 1 certified.
-
Resend is used solely for transactional emails — messages directly related to operating your account (such as password resets and billing notifications). We do not use Resend for marketing emails.
-
GoatCounter is a privacy-friendly, cookieless analytics tool. It collects only aggregate page view statistics. It does not collect personal data, set cookies, or track individual users.
International Transfers
Some sub-processors are based in or process data in the United States. Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or reliance on adequacy decisions, as required by UK GDPR.
Changes to This List
We will update this page if we add or change sub-processors. If a change materially affects the processing of your data, we will notify you by email or through the application before the change takes effect.
Contact Us
If you have questions about our sub-processors, contact us at:
- Email: privacy@assesskit.co.uk
- Company: Crocker Digital Ltd (Company No. 17008789)
- Website: assesskit.co.uk