Sub-processors
Effective 13 May 2026 · ABN 49 452 393 782 · Caltury (sole trader, Australia)
Caltury uses the following sub-processors to deliver the Service. We choose providers carefully, contract with them on data-protection terms, and document the data flows. This list is published openly so you can satisfy your own due-diligence requirements.
We will provide written notice to account holders at least 30 days before adding a new sub-processor. If you object on reasonable compliance grounds, contact us at privacy@caltury.com.au.
Current sub-processors
| Provider | Role | Data | Location |
|---|---|---|---|
| Supabase, Inc. | Managed Postgres database, authentication, file storage | All Caltury application data including org, user, customer and AML/CTF records | Sydney, Australia (ap-southeast-2) |
| Vercel, Inc. | Application hosting and edge delivery | HTTP request metadata only — no persistent storage of customer records | Sydney, Australia (Sydney pinned via Pro region) |
| Stripe, Inc. | Subscription billing and identity verification (Stripe Identity) | Billing details + identity document images, names, DOB, residential addresses when KYC is initiated | United States (with EU/AU regional infrastructure) |
| OpenSanctions / OCCRP | Sanctions and PEP screening API | Customer name and (optionally) date of birth, country | Germany (EU) |
| Anthropic, PBC | AI text generation for SMR narratives and risk commentary | Structured SMR intake (excluding raw ID documents); risk-assessment responses | United States |
| Resend, Inc. | Transactional email delivery (sign-up confirmations, KYC links) | Recipient email addresses and message bodies | United States |
| Sentry (Functional Software, Inc.) | Application error monitoring | Stack traces and request metadata. PII scrubbed at SDK level. | United States |
| PostHog Inc. (EU cloud) | Product analytics | Anonymised event data, page views, feature usage. IPs anonymised. | Frankfurt, Germany (EU) |
Notes on overseas disclosures
Disclosures to overseas sub-processors are made under APP 8.1. We have taken reasonable steps to ensure each overseas recipient handles the information in a way consistent with the Australian Privacy Principles (e.g. by entering data-processing agreements and verifying their own privacy and security frameworks).
Last reviewed: 13 May 2026. Material changes are notified to account holders by email.