Sub-processor Register

Version 1.0 · Last updated 19 May 2026

A sub-processor is a third party that processes personal data on our behalf to help us run the AML Certification Centre Learning Platform. This register lists every sub-processor we currently use, what data they receive, why we use them, and where they store data.

We maintain a data-processing agreement (DPA) with each sub-processor that meets the requirements of GDPR Art. 28. Where a sub-processor is outside the EU/EEA, data transfers rely on either the EU-US Data Privacy Framework or the EU Commission's Standard Contractual Clauses (SCCs) plus appropriate supplementary measures. Copies of these agreements are available on request from [email protected].

Notice of changes

When we add a new sub-processor or change an existing one, we update this register and update the last-updated date at the top. If you would like to be notified by email when this register changes, send a request to [email protected] and we will add you to the notification list.

You can object to a new sub-processor for reasonable data-protection grounds within 30 days of notification. We will work in good faith to find a mutually acceptable alternative; if we cannot, you may terminate your relationship with us on reasonable notice.

Infrastructure

Neon (Postgres database)

Provider: Neon, Inc., 209 Havemeyer Street, Brooklyn, NY 11211, USA — operating EU data plane.

What we send: Every personal-data column described in §3 of the Privacy Policy.

Purpose: Primary application database — accounts, enrolments, progress, submissions, etc.

Region: eu-central-1 (Frankfurt, Germany).

Transfer basis: EU data residency — data stays in the EU. The Neon control-plane company is US-incorporated; processor relationship covered by SCCs.

Cloudflare R2 — public bucket

Provider: Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA.

What we send: Profile photos, programme cover images, public course HTML assets, public simulator HTML, toolkit HTML, certificate PNGs, public webinar resources.

Purpose: Serving public static assets to learners' browsers via a low-latency CDN.

Region: EU-primary R2 jurisdiction with global edge replication.

Transfer basis: SCCs + Data Privacy Framework certification.

Cloudflare R2 — private bucket

Provider: Cloudflare, Inc. (same as above).

What we send: Paid course HTMLs, simulators, toolkit items, certificate PDFs, assessment file uploads.

Purpose: Serving authenticated-only assets to learners via our own API proxy after the API re-checks enrolment.

Region: EU-primary R2 jurisdiction.

Transfer basis: Same as the public bucket.

Railway (application hosting + Redis)

Provider: Railway Corp., 251 Little Falls Drive, Wilmington, DE 19808, USA.

What we send: The LMS application itself; Redis holds BullMQ job payloads (incl. user IDs and notification content) and the SSE pub/sub channel notifications:<userId>.

Purpose: Application hosting + background-job queue + server-sent-events fan-out.

Region: EU region (eu-west).

Transfer basis: EU data residency on the data plane; SCCs cover the control-plane processor relationship.

Email delivery

Resend (primary transactional email)

Provider: Resend, Inc., 2261 Market Street #4667, San Francisco, CA 94114, USA.

What we send: Recipient email address, the full content of every transactional email (assessment graded, achievement earned, password changed, webinar reminder, recording available, enrolment approved).

Purpose: Delivering transactional emails to your inbox.

Region: United States.

Transfer basis: SCCs + EU-US Data Privacy Framework certification.

Postmark (fallback transactional email)

Provider: Wildbit, LLC d/b/a Postmark, 225 Chestnut Street, Philadelphia, PA 19106, USA.

What we send: Same as Resend.

Purpose: Backup transactional email delivery when Resend is unavailable.

Region: United States.

Transfer basis: SCCs + Data Privacy Framework certification.

MailerLite (marketing email — only if you opted in)

Provider: UAB 'MailerLite', J. Basanavičiaus 15, LT-03108 Vilnius, Lithuania.

What we send: Your name, email address and any audience-segmentation tags we apply (e.g. which programmes you have enrolled in).

Purpose: Sending marketing emails — newsletters, programme announcements — to subscribers who explicitly opted in at registration or via a public form. You can unsubscribe at any time from the link in every marketing email.

Region: European Union (Lithuania).

Transfer basis: EU data residency — data stays in the EU.

Payments

Stripe Payments Europe Ltd

Provider: Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Dublin 2, Ireland.

What we send: Customer email and the price/currency for the purchase. Stripe receives card details directly from your browser via Stripe Elements — we never see or store them.

Purpose: Processing your payment, issuing invoices, handling VAT, paying us out.

Region: European Union (primary processing in Ireland).

Transfer basis: EU controller-to-processor relationship. Stripe may transfer payment data to the US under SCCs and the Data Privacy Framework where required for fraud-prevention or accounting.

Webinars and video

Zoom Video Communications

Provider: Zoom Video Communications, Inc., 55 Almaden Blvd, 6th Floor, San Jose, CA 95113, USA.

What we send: The host's email, meeting topic, scheduled start time and duration, and (via webhook) the email and join/leave timestamps of every participant.

Purpose: Hosting live webinars and reconciling attendance.

Region: United States, with EU data-centre routing available and used where Zoom's region-selection allows it.

Transfer basis: SCCs + Data Privacy Framework certification.

Vimeo (video hosting)

Provider: Vimeo.com, Inc., 555 West 18th Street, New York, NY 10011, USA.

What we send: Encoded video files (uploaded by us, not by you). When a learner watches a video, the embedded Vimeo player receives the learner's IP, user-agent, referrer URL and playback events directly from the learner's browser. We embed videos with the dnt=1 (do-not-track) flag set, which restricts Vimeo from setting tracking cookies and from sharing personally identifiable data with advertisers.

Purpose: Hosting and streaming course videos and webinar recordings.

Region: United States.

Transfer basis: SCCs + Data Privacy Framework certification.

First-party services (we operate these ourselves)

AML Certification Centre Credentials platform

Provider: AML Certification Centre OÜ — us.

What we send: Learner name, email and a stable certificate reference; completion and (where applicable) expiry dates.

Purpose: Issuing and verifying accredited certificates at credentials.amlcertification.com. This is a separate deployment of our own software, not a third-party service. The same Privacy Policy applies.

Region: EU (same infrastructure region as the Learning Platform).

Transfer basis: Not applicable (internal transfer within AML Certification Centre OÜ).

WordPress marketing storefront

Provider: AML Certification Centre OÜ.

What we send: The WordPress storefront sends signed enrolment webhooks to the Learning Platform after a purchase is completed, carrying email, name, programme slug and segment.

Purpose: Storefront and marketing pages at amlcertification.com.

Region: EU.

Transfer basis: Internal data flow within AML Certification Centre, not a sub-processor relationship.

What we do not use

For transparency, we do not currently use any:

  • Analytics provider — no Google Analytics, Plausible, PostHog, Mixpanel, Amplitude, Segment, or similar.
  • Advertising / retargeting platform — no Facebook Pixel, LinkedIn Insight Tag, Google Ads, programmatic ad networks, etc.
  • Behavioural-monitoring tool — no Hotjar, FullStory, LogRocket, Heap, etc.
  • Customer-support platform — no Intercom, HelpScout, Zendesk, Crisp; support runs through [email protected] only.
  • CDP / marketing-automation platform — no Segment, RudderStack, Customer.io, ActiveCampaign, etc.

If we ever add a service in any of these categories we will update this register and notify subscribers.

Error monitoring

Sentry

Provider: Functional Software, Inc. d/b/a Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA.

What we send: When the platform throws an unexpected error, we send the exception class, stack trace, the URL of the request, browser type, timestamp, the authenticated user's ID (UUID), and — for a sampled subset of sessions — a privacy-masked replay of the user's screen (all text masked, all media blocked by default).

Purpose: Detecting and diagnosing application errors so we can fix them before they impact more users.

Region: United States.

Transfer basis: SCCs + EU-US Data Privacy Framework certification. Server-side errors have email-like strings redacted before transmission; client-side query strings have email/token parameters redacted; session replays mask all text and block all media.

Contact

Sub-processor questions, change-notification subscription, copies of DPAs or SCCs: [email protected].

See also: Privacy Policy · Cookie Policy · Terms of Service

We use only essential cookies — for sign-in sessions and your theme preference. No analytics, no marketing trackers. See the cookie policy for full details.