Does AffixIO publish a sub-processor list?

Yes. Categories and processing purposes are listed publicly. Enterprise customers may request named vendors under DPA.

How are sub-processor changes notified?

Enterprise customers receive notice per DPA terms before new sub-processors handle personal data.

Sub-processors

AffixIO uses third-party sub-processors to operate verification infrastructure. We impose Article 28 GDPR terms on each. This page lists categories and purposes. Named vendors are available to enterprise customers under DPA.

GDPRArticle 28UK GDPRsub-processorsdata processorverification APIenterprise procurement

Organisations evaluating a stateless verification API, zero-knowledge proof platform, or AI agent governance gate often ask for sub-processor transparency before security review. AffixIO aligns with GDPR and UK GDPR processor obligations. We do not sell personal data.

Sub-processor register (categories)

Category	Purpose	Typical data	Location
Cloud infrastructure	Hosting, databases, content delivery for API and web surfaces	Operational logs, encrypted configuration, ephemeral verification payloads	UK / EEA / US (contractual safeguards)
Security and monitoring	Intrusion detection, uptime monitoring, audit logging	IP addresses, request metadata (minimised)	UK / EEA
Payment processing	Subscription and usage billing for enterprise accounts	Billing contact, payment method tokens	Per processor DPA
Professional advisers	Legal, audit, insurance under confidentiality	As required for advice	UK

Last updated: 22 June 2026. Request the named vendor list via Contact with subject line Procurement from your corporate domain.

Change notification

Enterprise customers receive advance notice of new sub-processors per executed DPA. Objection rights and alternative arrangements are described in the DPA. Consumer website traffic is covered by the Privacy Policy.

International transfers

Where personal data leaves the UK or EEA, AffixIO uses UK IDTA, EU Standard Contractual Clauses, or equivalent mechanisms. See Privacy Policy section 10 and procurement pack for transfer summary.

FAQ

Is AffixIO a controller or processor?

For enterprise API usage, AffixIO typically acts as processor on customer instructions. Website analytics and account billing may involve controller activities described in the Privacy Policy.

Does verification data stay at the verifier?

By default, eligibility inputs are not retained at the verifier after verdict. Proof metadata may be logged per customer retention settings.