This page lists every subprocessor that may process personal data on behalf of Basely Virtual Ltd in the course of providing our service. We notify customers at least 14 days before adding or replacing a subprocessor.
To subscribe to change notifications, email privacy@basely.virtual.
Current subprocessors
| Subprocessor | Purpose | Location | Data categories | Transfer safeguard |
|---|---|---|---|---|
| Supabase Inc. | PostgreSQL database, file storage | United States and EU (eu-west-2) | All customer data, mail scans, encrypted PII | EU Standard Contractual Clauses + UK Addendum |
| Vercel Inc. | Application hosting and edge functions | United States | Logs, request metadata | EU SCCs + UK Addendum |
| Stripe Payments UK Ltd. | Payment processing, subscription billing, invoicing | United Kingdom and Ireland | Cardholder data (Stripe-hosted), billing address, email | UK Data Protection Act 2018 / PCI DSS |
| Onfido Ltd. | Identity verification (document and facial similarity) | United Kingdom | Government-issued ID, selfie, address verification | UK GDPR direct compliance |
| IVXS UK Limited (ComplyAdvantage) | PEP, sanctions, and adverse-media screening | United Kingdom | Name, date of birth, nationality, residency | UK GDPR direct compliance |
| Anthropic PBC | Mail classification, summarisation, and customer chatbot | United States | Mail OCR text (no PII in prompts where avoidable) | EU SCCs + UK Addendum |
| Amazon Web Services EMEA SARL | OCR via Amazon Textract | European Union (eu-west-2) | Mail scan images and extracted text | EU SCCs + UK Addendum + AWS DPA |
| Resend Inc. | Transactional and marketing email delivery | United States | Email addresses, message contents | EU SCCs + UK Addendum |
| Twilio Inc. | SMS and WhatsApp notifications | United States and Ireland | Phone numbers, message body | EU SCCs + UK Addendum |
| Inngest Inc. | Background job orchestration | United States | Job payloads (no PII where possible) | EU SCCs + UK Addendum |
| Upstash Inc. | Distributed rate limiting (Redis) | European Union | Hashed identifiers (IP, email hash) for rate-limit counters | EU GDPR direct compliance |
| Sentry (Functional Software Inc.) | Error monitoring and performance tracing | United States | Error stack traces, request metadata (PII stripped client-side) | EU SCCs + UK Addendum |
| BetterStack | Synthetic uptime monitoring | European Union | Application health metadata | EU GDPR direct compliance |
| Companies House | Statutory filings and PSC lookups | United Kingdom | Director and PSC personal data (public register) | Public register, no DPA needed |