Sub-processor Register
Version 1.0 · Last updated 19 May 2026
A sub-processor is a third party that processes personal data on our behalf to help us run the AML Certification Centre Learning Platform. This register lists every sub-processor we currently use, what data they receive, why we use them, and where they store data.
We maintain a data-processing agreement (DPA) with each sub-processor that meets the requirements of GDPR Art. 28. Where a sub-processor is outside the EU/EEA, data transfers rely on either the EU-US Data Privacy Framework or the EU Commission's Standard Contractual Clauses (SCCs) plus appropriate supplementary measures. Copies of these agreements are available on request from [email protected].
Notice of changes
When we add a new sub-processor or change an existing one, we update this register and update the last-updated date at the top. If you would like to be notified by email when this register changes, send a request to [email protected] and we will add you to the notification list.
You can object to a new sub-processor for reasonable data-protection grounds within 30 days of notification. We will work in good faith to find a mutually acceptable alternative; if we cannot, you may terminate your relationship with us on reasonable notice.
Infrastructure
Neon (Postgres database)
Provider: Neon, Inc., 209 Havemeyer Street, Brooklyn, NY 11211, USA — operating EU data plane.
What we send: Every personal-data column described in §3 of the Privacy Policy.
Purpose: Primary application database — accounts, enrolments, progress, submissions, etc.
Region: eu-central-1 (Frankfurt, Germany).
Transfer basis: EU data residency — data stays in the EU. The Neon control-plane company is US-incorporated; processor relationship covered by SCCs.
Cloudflare R2 — public bucket
Provider: Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA.
What we send: Profile photos, programme cover images, public course HTML assets, public simulator HTML, toolkit HTML, certificate PNGs, public webinar resources.
Purpose: Serving public static assets to learners' browsers via a low-latency CDN.
Region: EU-primary R2 jurisdiction with global edge replication.
Transfer basis: SCCs + Data Privacy Framework certification.
Cloudflare R2 — private bucket
Provider: Cloudflare, Inc. (same as above).
What we send: Paid course HTMLs, simulators, toolkit items, certificate PDFs, assessment file uploads.
Purpose: Serving authenticated-only assets to learners via our own API proxy after the API re-checks enrolment.
Region: EU-primary R2 jurisdiction.
Transfer basis: Same as the public bucket.
Railway (application hosting + Redis)
Provider: Railway Corp., 251 Little Falls Drive, Wilmington, DE 19808, USA.
What we send: The LMS application itself; Redis holds BullMQ job payloads (incl. user IDs and notification content) and the SSE pub/sub channel notifications:<userId>.
Purpose: Application hosting + background-job queue + server-sent-events fan-out.
Region: EU region (eu-west).
Transfer basis: EU data residency on the data plane; SCCs cover the control-plane processor relationship.
Email delivery
Resend (primary transactional email)
Provider: Resend, Inc., 2261 Market Street #4667, San Francisco, CA 94114, USA.
What we send: Recipient email address, the full content of every transactional email (assessment graded, achievement earned, password changed, webinar reminder, recording available, enrolment approved).
Purpose: Delivering transactional emails to your inbox.
Region: United States.
Transfer basis: SCCs + EU-US Data Privacy Framework certification.
Postmark (fallback transactional email)
Provider: Wildbit, LLC d/b/a Postmark, 225 Chestnut Street, Philadelphia, PA 19106, USA.
What we send: Same as Resend.
Purpose: Backup transactional email delivery when Resend is unavailable.
Region: United States.
Transfer basis: SCCs + Data Privacy Framework certification.
MailerLite (marketing email — only if you opted in)
Provider: UAB 'MailerLite', J. Basanavičiaus 15, LT-03108 Vilnius, Lithuania.
What we send: Your name, email address and any audience-segmentation tags we apply (e.g. which programmes you have enrolled in).
Purpose: Sending marketing emails — newsletters, programme announcements — to subscribers who explicitly opted in at registration or via a public form. You can unsubscribe at any time from the link in every marketing email.
Region: European Union (Lithuania).
Transfer basis: EU data residency — data stays in the EU.
Payments
Stripe Payments Europe Ltd
Provider: Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Dublin 2, Ireland.
What we send: Customer email and the price/currency for the purchase. Stripe receives card details directly from your browser via Stripe Elements — we never see or store them.
Purpose: Processing your payment, issuing invoices, handling VAT, paying us out.
Region: European Union (primary processing in Ireland).
Transfer basis: EU controller-to-processor relationship. Stripe may transfer payment data to the US under SCCs and the Data Privacy Framework where required for fraud-prevention or accounting.
Webinars and video
Zoom Video Communications
Provider: Zoom Video Communications, Inc., 55 Almaden Blvd, 6th Floor, San Jose, CA 95113, USA.
What we send: The host's email, meeting topic, scheduled start time and duration, and (via webhook) the email and join/leave timestamps of every participant.
Purpose: Hosting live webinars and reconciling attendance.
Region: United States, with EU data-centre routing available and used where Zoom's region-selection allows it.
Transfer basis: SCCs + Data Privacy Framework certification.
Vimeo (video hosting)
Provider: Vimeo.com, Inc., 555 West 18th Street, New York, NY 10011, USA.
What we send: Encoded video files (uploaded by us, not by you). When a learner watches a video, the embedded Vimeo player receives the learner's IP, user-agent, referrer URL and playback events directly from the learner's browser. We embed videos with the dnt=1 (do-not-track) flag set, which restricts Vimeo from setting tracking cookies and from sharing personally identifiable data with advertisers.
Purpose: Hosting and streaming course videos and webinar recordings.
Region: United States.
Transfer basis: SCCs + Data Privacy Framework certification.
First-party services (we operate these ourselves)
AML Certification Centre Credentials platform
Provider: AML Certification Centre OÜ — us.
What we send: Learner name, email and a stable certificate reference; completion and (where applicable) expiry dates.
Purpose: Issuing and verifying accredited certificates at credentials.amlcertification.com. This is a separate deployment of our own software, not a third-party service. The same Privacy Policy applies.
Region: EU (same infrastructure region as the Learning Platform).
Transfer basis: Not applicable (internal transfer within AML Certification Centre OÜ).
WordPress marketing storefront
Provider: AML Certification Centre OÜ.
What we send: The WordPress storefront sends signed enrolment webhooks to the Learning Platform after a purchase is completed, carrying email, name, programme slug and segment.
Purpose: Storefront and marketing pages at amlcertification.com.
Region: EU.
Transfer basis: Internal data flow within AML Certification Centre, not a sub-processor relationship.
What we do not use
For transparency, we do not currently use any:
- Analytics provider — no Google Analytics, Plausible, PostHog, Mixpanel, Amplitude, Segment, or similar.
- Advertising / retargeting platform — no Facebook Pixel, LinkedIn Insight Tag, Google Ads, programmatic ad networks, etc.
- Behavioural-monitoring tool — no Hotjar, FullStory, LogRocket, Heap, etc.
- Customer-support platform — no Intercom, HelpScout, Zendesk, Crisp; support runs through [email protected] only.
- CDP / marketing-automation platform — no Segment, RudderStack, Customer.io, ActiveCampaign, etc.
If we ever add a service in any of these categories we will update this register and notify subscribers.
Error monitoring
Sentry
Provider: Functional Software, Inc. d/b/a Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA.
What we send: When the platform throws an unexpected error, we send the exception class, stack trace, the URL of the request, browser type, timestamp, the authenticated user's ID (UUID), and — for a sampled subset of sessions — a privacy-masked replay of the user's screen (all text masked, all media blocked by default).
Purpose: Detecting and diagnosing application errors so we can fix them before they impact more users.
Region: United States.
Transfer basis: SCCs + EU-US Data Privacy Framework certification. Server-side errors have email-like strings redacted before transmission; client-side query strings have email/token parameters redacted; session replays mask all text and block all media.
Contact
Sub-processor questions, change-notification subscription, copies of DPAs or SCCs: [email protected].
See also: Privacy Policy · Cookie Policy · Terms of Service