Sub-processors
Last updated: 29 June 2026
Blackwellen Ltd (Company No. 16482166 · ICO Registration ZC160806) trading as Propvora
1.Introduction
A “sub-processor” is a third party engaged by Blackwellen Ltd (Company No. 16482166), trading as Propvora (“Propvora”, “we”, “us”), to process personal data on our behalf in the course of delivering the Propvora platform (the “Service”). Where Propvora acts as a processor on behalf of a business customer (the “Controller”), these sub-processors act as our onward processors, processing the Controller’s personal data strictly in accordance with our documented instructions and the safeguards set out below.
By accepting the Propvora Data Processing Agreement (“DPA”), the Controller grants Propvora a general written authorisation to engage the sub-processors listed in section 2 of this page. This page is the authoritative, granular register of those sub-processors and is incorporated by reference into the DPA and the Privacy Policy. Each sub-processor is bound by a written contract that imposes data-protection obligations no less protective than those in our DPA, including obligations of confidentiality, security, and assistance with data subject rights.
We give the Controller at least 30 days’ advance notice of any intended addition to, or replacement of, a sub-processor, providing an opportunity to object on reasonable data-protection grounds before the new sub-processor begins processing, as set out in section 4.
2.Current Sub-processors
The following sub-processors are currently engaged by Propvora to deliver the Service. The table records, for each sub-processor, the service it provides, the categories of data it processes, the principal location of processing, and the safeguard or transfer mechanism we rely upon where personal data leaves the United Kingdom or the European Economic Area.
| Sub-processor | Service provided | Data processed | Processing location | Safeguard / transfer mechanism |
|---|---|---|---|---|
| Supabase Inc. | Managed Postgres database, authentication, file storage | Workspace records, account data, uploaded documents | EU (AWS, Frankfurt) | UK GDPR adequacy / EU hosting |
| Vercel Inc. | Application hosting & serverless compute | Request data, logs | USA / EU edge | UK SCCs + IDTA |
| Cloudflare Inc. | CDN, DDoS/WAF security, R2 object storage | Traffic metadata, cached assets, stored files | Global (EU residency options) | UK SCCs + IDTA |
| Stripe Inc. (incl. Stripe Payments UK Ltd) | Payment & subscription processing, Connect payouts | Billing contact, card tokens (Stripe-held), payout details | UK / USA / EU | UK SCCs; Stripe is an independent controller for payment data |
| Resend Inc. | Transactional & notification email delivery | Recipient email, message content | USA | UK SCCs + IDTA |
| Microsoft Azure (Azure OpenAI, EU) | Primary AI Copilot language-model processing | Prompt context (workspace summaries), no training use | EU (Azure EU region) | Microsoft DPA + EU Data Boundary |
| Anthropic, PBC | AI model processing (premium tier) | Prompt context | USA | UK SCCs + IDTA, zero-retention / no-training terms |
| Google (Gemini) | AI model processing (optional tier) | Prompt context | USA / EU | UK SCCs + IDTA |
| NVIDIA Corporation (NIM) | AI inference (fallback, US-hosted open models) | Prompt context | USA | UK SCCs + IDTA |
| Sentry (Functional Software, Inc.) | Error monitoring | Error metadata, request IDs (no raw PII payloads) | EU (Germany region) | EU hosting |
The categories of data above describe the data each sub-processor is permitted to process in order to perform its function. Our AI sub-processors receive only the prompt context necessary to generate a response — typically condensed workspace summaries rather than raw record sets — and are contractually prohibited from using Controller data to train or improve their models. Sentry and equivalent observability tooling are configured to scrub raw personal-data payloads, retaining only the technical metadata required to diagnose faults.
3.International Data Transfers
Propvora is established in England and Wales, and our preference is to keep personal data within the United Kingdom or the European Economic Area wherever the Service permits. Several of the sub-processors listed above are headquartered outside the UK/EEA, and a subset of processing may therefore involve a restricted transfer of personal data.
Where personal data is transferred to a country that has not been the subject of a UK adequacy regulation, we put in place an appropriate transfer mechanism before any such transfer takes place. In practice this means the UK International Data Transfer Agreement (“IDTA”) or the UK Addendum to the European Commission’s Standard Contractual Clauses (“SCCs”), supplemented where appropriate by a transfer risk assessment and additional technical and organisational measures — including encryption in transit and at rest, and access controls — to ensure that data subjects continue to enjoy a level of protection essentially equivalent to that guaranteed under UK GDPR.
Where a sub-processor offers EU or UK data residency, we configure the Service to use that residency option so that the volume of restricted transfers is minimised.
4.Changes to This List
We keep this list current and will notify the Controller of any intended change — whether the addition of a new sub-processor or the replacement of an existing one — at least 30 days before that sub-processor begins processing the Controller’s personal data. Notice is given through the in-app notification system and, where the Controller has subscribed to sub-processor updates, by email to the address on the account.
The Controller may object to a proposed change on reasonable data-protection grounds by writing to legal@propvora.com within the notice period. Where the Controller raises a reasonable objection, we will use commercially reasonable efforts to make available an alternative arrangement that avoids the use of the objected-to sub-processor. If we are unable to offer such an alternative within a reasonable period, the Controller may, as its sole and exclusive remedy, terminate the affected portion of the Service in accordance with the termination provisions of the Terms of Service, without penalty for that termination.
5.Controller-of-record Note
For certain categories of payment and transaction data, Stripe acts as an independent controller rather than as our sub-processor. This reflects Stripe’s own legal and regulatory obligations — including anti-money-laundering, fraud prevention, and financial-services compliance — in respect of the payment data it handles.
For that data, Stripe determines the purposes and means of processing in its own right and is responsible as a controller under applicable data protection law. Stripe’s processing of such data is governed by Stripe’s own privacy notice and terms. Propvora does not store full card numbers; card details are tokenised and held by Stripe.
6.Contact
For any questions about our sub-processors, to request inclusion on our sub-processor change notification list, or to raise an objection under section 4, please contact us at legal@propvora.com.
Blackwellen Ltd (Company No. 16482166) trading as Propvora, registered office 61 Bridge Street, Kington, England, HR5 3DJ. ICO registration ZC160806. Governed by the laws of England and Wales.