Crownlark uses the following third-party services to deliver its document chasing managed service. Each sub-processor has access to personal data only to the extent necessary for its specific role.
We review all sub-processors before use and hold them to data protection standards equivalent to our own obligations under UK GDPR.
Current Sub-processors
| Sub-processor | Purpose | Processing Location | Transfer Basis |
|---|---|---|---|
| Hetzner Online GmbH | Application hosting and infrastructure | Nuremberg, Germany (EU) | UK Adequacy |
| Cloudflare R2 | Encrypted document file storage | EU region | UK Adequacy |
| Amazon Web Services (AWS Textract) | Optical character recognition for document verification | London, UK (eu-west-2) | UK Domestic |
| Supabase | Database hosting | London, UK | UK Domestic |
| Postmark (ActiveCampaign, LLC) | Transactional email delivery | United States | UK IDTA |
| Inngest, Inc. | Background job and workflow processing | United States | UK IDTA |
| OpenAI, LLC | AI-assisted document verification | United States | UK IDTA |
| Anthropic, PBC | AI-assisted document verification | United States | UK IDTA |
| OpenRouter, Inc. | AI API routing for document verification | United States | UK IDTA |
Changes to This List
When we add or replace a sub-processor, we update this page and notify affected firms by email at least 7 days before the change takes effect, in accordance with our Data Processing Agreement.
Transfer Mechanisms — Plain English
- UK Adequacy — the country or region meets UK data protection standards, so no extra steps are needed.
- UK Domestic — data stays within the UK.
- UK IDTA — data is transferred to the United States under the UK International Data Transfer Agreement issued by the ICO, which legally requires the recipient to protect your data to UK standards.
Questions
Contact us at [email protected] for any questions about our sub-processors or data handling practices.