Skip to content
ACTServ Technology Ltd
Legal
Data Processing

ACTServ GRC Subprocessor Schedule

Material providers used to host, authenticate and deliver the ACTServ GRC Platform.

Version 1.0Approved as of 01 January 2026Contractual document

Customer-specific integrations configured in the Customer tenant are not necessarily ACTServ subprocessors; their status depends on the data flow and contractual role.

Current material providers

ProviderFunctionLocation or regionData categoriesTransfer safeguards
ConvexServerless backend, database, application processing and file or evidence storage.Europe (Ireland).Customer Data, application records, integration configuration, evidence and audit metadata.EU data residency. Ancillary non-EEA access is safeguarded under ACTServ’s data-processing agreement with the provider, including EU Standard Contractual Clauses where applicable.
ClerkUser identity, authentication, sessions and MFA.EU data-residency configuration.User identity, business email, authentication and session metadata.Ancillary non-EEA support access is safeguarded under ACTServ’s data-processing agreement with the provider, including EU Standard Contractual Clauses where applicable.
VercelFrontend deployment, content delivery, application execution and privacy-preserving usage analytics.Paris, France — eu-west-3 / cdg1; Frankfurt, Germany — eu-central-1 / fra1.Web requests, technical logs, limited application data necessary for delivery and cookieless, anonymised usage analytics.Ancillary non-EEA access is safeguarded under ACTServ’s data-processing agreement with the provider, including EU Standard Contractual Clauses where applicable.

Material change process

ACTServ will provide at least 30 days’ notice of intended material changes, unless a shorter period is reasonably required due to emergency, security, law or circumstances outside reasonable control. Customer may submit a substantiated objection within 15 days.

Customer-controlled Microsoft 365 integrations

Microsoft 365 inventory and email integrations are configured using applications and permissions in Customer’s own tenant. Microsoft’s role as an independent provider or processor is governed by Customer’s own Microsoft arrangements. ACTServ processes the integration data received into the Platform under the Data Processing Agreement.