Sub-processors

Last updated: 19 May 2026

AssessKit is operated by Crocker Digital Ltd (Company No. 17008789), registered in England and Wales. To run the service we rely on a small number of trusted third-party providers, called "sub-processors". Where AssessKit processes personal data on behalf of a customer — see our Data Processing Agreement — these sub-processors may process that data on our documented instructions.

Each sub-processor is bound by data-protection terms that require it to protect personal data to a standard consistent with UK GDPR. We use only the providers needed to operate the service, and we do not sell personal data.

Current sub-processors

  • Supabase — database, authentication and file storage (assessment photos and company logos). Hosting region: London, United Kingdom. Supabase Inc. is incorporated in the United States; the project data resides in the UK.
  • Stripe — payment processing and subscription billing. Stripe holds card and billing data; AssessKit never stores card numbers. Ireland (contracting entity Stripe Payments Europe, Ltd) and United States (card-processing infrastructure).
  • Resend — transactional email delivery (password resets, team invitations, review reminders). Processes recipient email addresses. United States.
  • Netlify — application hosting, content delivery and scheduled functions. Processes request data in transit. United States.
  • Upstash — Redis-backed rate limiting for abuse protection. Processes IP addresses and account identifiers transiently. United States.
  • Sentry — error monitoring and diagnostics. May process technical request data and identifiers contained in error reports. United States.
  • Cloudflare — Turnstile bot-protection challenge on the signup form. Processes the visitor IP address and challenge data. United States and global network.
  • GoatCounter — privacy-friendly website analytics. Cookie-free; it does not store IP addresses or collect personal data. European Union.
  • Microsoft 365 — support mailbox (support@assesskit.co.uk). Processes inbound and outbound support email. European Union / United Kingdom (EU Data Boundary tenant).

International transfers

Some sub-processors are located outside the UK. Where personal data is transferred outside the UK, the transfer is covered by an appropriate safeguard — the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or an adequacy decision.

Changes

We update this page before adding or replacing a sub-processor that processes customer personal data, and we remain responsible for our sub-processors. Customers who would like advance notice of changes can contact us at the address below.

Contact

Crocker Digital Ltd, Company No. 17008789. support@assesskit.co.uk.