Trust CentreProcurement

Procurement pack

Security and compliance documents on request, sent direct to your inbox.

Six documents, one request

None of these documents are publicly downloadable. They are sent direct to your inbox so we can record what was shared, with whom, and on what date. We reply within one business day.

GDPR Data Processing AgreementAvailable

EU controller-processor agreement under GDPR Art. 28. Buyer supplies legal entity, registered address and signatory before execution.

Sub-processor listAvailable

Three EU-resident sub-processors: AWS, Vercel, Auth0. Live and citable at /trust#subprocessors. 30-day prior notice for changes.

Data Protection Impact AssessmentAvailable

Article 35 framework. Scoped to your stated processing activities before sending.

BCM and DR policyScoped on request

Business continuity and disaster recovery policy. Scoped to your deployment region and tier.

InfoSec policy summaryScoped on request

Information security controls summary. Mirrors the Security Infrastructure and Security Posture sections of /trust.

SIG or CAIQ-lite questionnaireScoped on request

Scoped to your cloud, processing regions, and chosen framework (CSA STAR, SIG Core, SIG Lite, CAIQ v4).

Request the pack

Pick what you need. We reply within one business day.

Documents to send

DPA, sub-processor list, and DPIA send immediately. BCM/DR, InfoSec, and SIG/CAIQ-lite are tailored to your deployment, so we may ask one or two clarifying questions first.