Subprocessors
Effective date: 12 May 2026 · Last updated: 12 May 2026

A subprocessor is a third-party vendor Sumvin uses to deliver part of the platform. Each subprocessor on this list has been chosen for a specific function, contracted under a data processing agreement, and reviewed for security posture against the residency requirement that applies to its scope. The list is short by design — Sumvin’s architecture deliberately concentrates customer data in a small number of well-controlled places. This page is the canonical, dated list. Each entry shows the date the vendor was added; material changes (additions, removals, replacements) are recorded here with the date the change took effect and are notified to partners in advance under the partner DPA.
Selection criteria
Every subprocessor on this list satisfies the same baseline:

- US data processing for customer data. Any vendor that holds or processes customer data — accounts, KYC, transactional history, key material, or operational telemetry derived from them — does so on US infrastructure. Vendors that route only non-customer data (for example, public blockchain RPC calls or short-lived signature-verification nonces) are listed separately under Edge services so the scope is explicit.
- Independent security attestation appropriate to the function — typically SOC 2 Type II, ISO 27001, or equivalent.
- Encryption in transit and at rest by default.
- A signed data processing agreement with Sumvin.
- A specific, scoped function — Sumvin does not adopt vendors speculatively. Each entry below names the function the vendor performs.
Infrastructure and data hosting
These are the vendors that hold or move customer data on Sumvin’s behalf.

| Subprocessor | Function | Region | Added |
|---|---|---|---|
| Google Cloud Platform | Primary cloud infrastructure — compute, container orchestration, object storage, secret management, key management, observability backend. | United States (us-east4) | May 2026 |
| PlanetScale | Managed MySQL database — the system of record for accounts, wallets, transactions, KYC status, and authorisation records. | United States | May 2026 |
| Upstash | Managed Redis cache and durable workflow execution (QStash). | United States | May 2026 |
| GitHub | Source code hosting and continuous integration. Production credentials are not stored in GitHub; deployments are mediated by signed, attested pipelines. | United States | May 2026 |
Identity and KYC
Vendors that participate in identity verification and authentication.

| Subprocessor | Function | Region | Added |
|---|---|---|---|
| Sumsub | Identity verification (KYC and AML screening). Holds the underlying identity documents; Sumvin holds only the structured outputs. | United States (configured for US user base) | May 2026 |
| Prelude | Phone number verification (one-time-passcode delivery and verification). | United States | May 2026 |
| Dynamic Labs | Authentication provider — wallet-based and email/social sign-in for end-users of partner applications (one of several options). | United States | May 2026 |
| Clerk | Authentication for partner-organisation members of the SIS Dashboard (B2B tenant authentication). | United States | May 2026 |
Banking, cards, and payments
Vendors that perform regulated activity Sumvin does not perform itself. Card issuing runs on Visa Intelligent Commerce: a user’s verified Sumvin identity is carried onto a Visa card, with card issuing and cardholder-data processing performed by the regulated issuance partner named below. Sumvin does not store card numbers.

| Subprocessor | Function | Region | Added |
|---|---|---|---|
| Baanx | Regulated card issuing and processing partner; the Visa issuance partner behind Sumvin’s Visa Intelligent Commerce cards. Holds cardholder data within their own compliant card-processing environment; Sumvin does not store card numbers. | United States (US programme) | May 2026 |
| Meld | Crypto on-ramp, off-ramp, and bank-linking aggregation (open-banking connectivity for linking external bank accounts). | United States | May 2026 |
Cryptographic key custody
| Subprocessor | Function | Region | Added |
|---|---|---|---|
| Google Cloud HSM | Hardware security modules for agent signing keys, JWT issuer keys, and field-level encryption keys. FIPS 140-2 Level 3. Keys never leave the hardware. | United States | May 2026 |
| Turnkey | Custody of minter keys used to mint identity NFTs at the end of KYC. Scoped to mint-transaction signing only; does not hold user funds. | United States | May 2026 |
AI and assistive features
Vendors that participate in Sumvin’s AI-powered features (chat, insights, assistive flows). The specific large-language-model inference provider is named in the compliance pack provided under NDA; LLM providers are selected for US-hosted inference and contractual no-train-on-customer-data terms.

| Subprocessor | Function | Region | Added |
|---|---|---|---|
| LLM inference provider | Large language model inference for in-product AI assistance. Provider named in compliance pack. Customer prompts are not used to train models. | United States | May 2026 |
| Langfuse | Prompt management and AI observability. | United States | May 2026 |
| E2B | Sandboxed code-execution environment used by AI features. | United States | May 2026 |
Observability and operations
Vendors that receive operational telemetry. Sensitive payloads are redacted before reaching these systems.

| Subprocessor | Function | Region | Added |
|---|---|---|---|
| Logfire | Application traces, logs, and metrics. | United States | May 2026 |
| Statsig | Feature flag configuration. Receives feature-flag evaluation context, not raw customer data. | United States | May 2026 |
Hosting partners for partner-facing surfaces
| Subprocessor | Function | Region | Added |
|---|---|---|---|
| Vercel | Hosting for the Sumvin-operated frontends (the SIS Dashboard and marketing site). End-user PII does not transit Vercel; the frontend calls Sumvin’s API directly. | United States | May 2026 |
Edge services (non-customer data)
The vendors below operate globally distributed networks. They are listed separately because their scope is restricted to traffic that does not carry Sumvin customer data — public blockchain RPC payloads, short-lived authentication nonces, and ERC-4337 bundler relay. They do not hold accounts, KYC, transactional records, key material, or any personally identifiable information.

| Subprocessor | Function | Scope | Region | Added |
|---|---|---|---|---|
| Cloudflare | Edge proxy for public blockchain RPC traffic and stateless edge workers for wallet-ownership verification (SIWE nonce issuance and signature verification). | Chain-RPC payloads, signature-verification calls, short-lived authentication nonces. Profile, KYC, transactional, and key data do not transit Cloudflare. | Globally distributed edge | May 2026 |
| Pimlico | ERC-4337 bundler service for sponsored on-chain transactions. Relays already-signed user operations to the public mempool. | Already-signed userOp payloads bound for a public blockchain. Does not handle PII or customer-account data. | Globally distributed edge | May 2026 |
Updates to this list
When Sumvin adds, removes, or replaces a subprocessor:

- This page is updated with the change and the date the change took effect.
- Partners on a Data Processing Agreement that requires advance notice are notified ahead of the change, in line with the notice period in the DPA.
- The change is reflected in the next compliance-pack revision provided to partners under NDA.
Change log
| Date | Change |
|---|---|
| 12 May 2026 | Initial publication. |
See also
- Trust & Security overview — the broader picture of how Sumvin protects data.