This page lists the third-party service providers ("sub-processors") that may process personal data on behalf of ClearSecurity Vision when you visit this website or contact us. We maintain this list in the interest of transparency and in accordance with our obligations under GDPR.
1. What is a sub-processor
A sub-processor is a third-party company that processes personal data as part of delivering a service we use. As data controller, ClearSecurity Vision is responsible for ensuring that all sub-processors provide sufficient guarantees to implement appropriate technical and organizational measures to protect personal data, in accordance with GDPR Article 28.
2. Active sub-processors
The following services are currently active and may process data related to visitors of this website or contacts who communicate with us:
| Sub-processor | Role | Data processed | Location |
|---|---|---|---|
| Cloudflare Pages | Static website hosting, CDN, and edge delivery | IP address, request path, HTTP headers, and request timestamps (standard CDN access logs). No cookies are set by ClearSecurity Vision. | Global edge network; EU nodes used for EU visitors (primary). Cloudflare is Privacy Shield successor certified and provides SCCs. |
| Cloudflare Web Analytics | Website traffic analytics (cookieless) | Aggregated page views, referrer URL, country (not city), browser type, and operating system. No individual user profiles. No personally identifiable information. No cookies. | EU (data aggregated at EU edge) |
| Resend | Transactional email delivery for contact form replies | Email address and message content of the person who submitted the contact form. Used solely to deliver our reply email. | EU West — Ireland (eu-west-1 AWS region) |
3. Conditionally active sub-processors
The following service is available in our infrastructure but is not currently active. It would only be enabled in response to specific, persistent runtime errors that cannot be diagnosed otherwise:
| Sub-processor | Role | Activation condition | Location |
|---|---|---|---|
| Sentry (EU) | Application error tracking | Not active. Would be enabled only if specific runtime errors require investigation. Error payloads may include browser type, OS, and anonymized stack traces. | EU datacenter (Frankfurt) |
This page will be updated when Sentry is activated, before activation occurs.
4. What we do not use
ClearSecurity Vision explicitly confirms that the following services do not process visitor data on our website:
- Google Analytics or Google Tag Manager (not installed)
- Google Fonts (fonts are self-hosted — no outbound requests to Google)
- Facebook / Meta Pixel or any Meta product
- LinkedIn Insight Tag
- Hotjar, FullStory, Microsoft Clarity, or any session recording tool
- Any advertising network or retargeting platform
- Any AI/ML data broker or data enrichment service
5. Changes to this list
We will update this page before adding any new sub-processor that processes visitor personal data. If you wish to be notified of changes or have questions about our data processing practices, contact us at:
6. Sub-processor agreements
All active sub-processors have Data Processing Agreements (DPAs) or equivalent contractual mechanisms in place, as required by GDPR Article 28. Where data is transferred outside the EU/EEA, Standard Contractual Clauses (SCCs) or equivalent adequacy decisions are in place.