Sub-Processors
Last updated: February 23, 2026
Under the UK GDPR and the Data Protection Act 2018, we are transparent about the third-party data processors ("sub-processors") we engage to deliver our services. Each sub-processor is bound by a Data Processing Agreement (DPA) that requires them to protect your data to the same standard we uphold.
Where data is transferred outside the United Kingdom, we ensure appropriate safeguards are in place through UK International Data Transfer Agreements (UK IDTAs) or transfers to countries with UK adequacy status.
| Sub-Processor | Purpose | Data Processed | Location |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure and hosting | All platform data (encrypted) | EU (Ireland / Frankfurt) |
| Stripe | Payment processing | Billing and payment card information | United States (UK IDTA in place) |
| OpenAI | AI model provider for coaching and scoring | Practice session transcripts, anonymised performance data | United States (UK IDTA in place) |
| Google Cloud (Gemini) | AI model provider for coaching and analysis | Practice session transcripts, anonymised performance data | United States (UK IDTA in place) |
| ElevenLabs | Text-to-speech voice synthesis | AI-generated text for voice output (no personal data) | United States (UK IDTA in place) |
| PostHog | Product analytics | Anonymised usage events, device metadata | EU (Frankfurt) |
| Resend | Transactional email delivery | Email address, name | United States (UK IDTA in place) |
| Sentry | Error monitoring and performance | Error logs, anonymised session data | United States (UK IDTA in place) |
Changes to Sub-Processors
We will notify customers of any new sub-processors or material changes to existing sub-processors at least 30 days before the change takes effect. If you have concerns about a new sub-processor, you may object by contacting us at privacy@closrr.io.
Questions
For questions about our sub-processors or data processing arrangements, contact our Data Protection Officer at privacy@closrr.io.