← Back to Sageon
Subprocessors
Last updated: 17 May 2026
Under UK GDPR Article 28, we list the third-party processors that may handle personal data on our behalf. We use only the providers below. Each is bound by Standard Contractual Clauses, the UK-US Data Bridge, or equivalent safeguards where data leaves the UK.
Current subprocessors
| Provider | Purpose | Location | Notes |
|---|---|---|---|
| Stripe Payments Europe Ltd | Payment processing | Ireland · United States | PCI DSS Level 1. Standard Contractual Clauses. |
| Supabase Inc. | Database, authentication, storage | United States · EU/UK regions for hosted projects | GDPR-compliant. Customer data hosted in our chosen region. |
| Resend Inc. | Transactional email delivery | United States | GDPR-compliant. Standard Contractual Clauses. |
| Vercel Inc. | Web hosting and edge functions | United States · global edge | GDPR-compliant. Standard Contractual Clauses. |
| Cloudflare Inc. | DNS and CDN | United States · global | GDPR-compliant. Standard Contractual Clauses. |
| Anthropic, PBC | AI processing for Sage features | United States | Does NOT use API data to train models. Standard Contractual Clauses + UK Data Bridge. |
| GitHub, Inc. | Source code hosting (no customer data) | United States | No customer data stored here. |
Notifications of changes
We'll notify customers via email at least 30 days before adding or changing a subprocessor that handles personal data. Customers can object - see the DPA.
Contact
Questions about subprocessors: hello@sageon.co.uk
Sageon Ltd
Company no. 17218060 · Registered in England and Wales
Registered office: 66 Paul Street, London EC2A 4NA
Contact: hello@sageon.co.uk