Sub-processors
Last updated: June 2026
This page lists every third party that processes customer data on behalf of Style4 Solutions AB to operate CompliantHQ. We update this list whenever we add, change, or remove a sub-processor. For the full data-processing context, see our privacy policy.
Active sub-processors
| Provider | Purpose | Region | Privacy policy |
|---|---|---|---|
| Anthropic PBC | AI analysis of scan results — generates action plans and powers the in-product compliance chat. Receives scan findings (cookie names, script URLs, WCAG findings, page titles, HTML snippets, and image crops of individual elements from publicly reachable pages — the image crops are reviewed by our accessibility AI for contrast and text-in-image) but never login credentials, payment data, or content from authenticated areas. | USA (under SCCs) | anthropic.com/legal/privacy |
| Mailjet | Transactional email delivery — magic-link login, scan notifications, billing. | EU | mailjet.com/privacy-policy |
| Sentry | Error monitoring and crash reporting — receives error messages, stack traces, runtime information, and a short trail of recent app actions (breadcrumbs) when an error occurs on our server or in the visitor's browser. Performance and session tracking are disabled, so nothing is sent on normal page views — only on actual errors. We intentionally do not send request bodies, payment data, login credentials, or IP addresses. If an exception text happens to include an email address or other fragment of personal data, it can be included. | EU (Frankfurt) | sentry.io/privacy |
| Hetzner | Hosting for our application servers and MariaDB database. | Finland | — |
| Playwright / Chromium | Automated browser running on our own servers to scan customer sites. No data is sent to Google or other third parties from the scanning process itself. | Our infrastructure (Finland) | — |
International transfers
Anthropic PBC is based in the United States. The transfer is made under the European Commission's Standard Contractual Clauses (SCCs) as a safeguard under GDPR Art. 46. All other sub-processors operate within the EU/EEA.
Notification of changes
If we add, replace, or change a sub-processor's role we update this page and the privacy policy at the same time. We don't currently operate a separate change-notification mailing list — for now, this page is the source of truth. Email hello@complianthq.ai if you want to be notified of changes.