Documents, attestations, and reports โ all in one place.
Annual third-party audit covering security, availability, confidentiality.
Information security management system certification.
Latest by CrowdSec ยท April 2026 ยท 0 critical findings.
Standard business associate agreement for US healthcare.
Standard contractual clauses for EU-to-third-country transfers.
Cyber liability ($10M), E&O ($5M), General liability.
Our standard intake form for evaluating subprocessors.
We use these vetted vendors. Each one signs a DPA mirroring or stricter than the one we sign with you.
| Vendor | Purpose | Region | Tier |
|---|---|---|---|
| Amazon Web Services | Primary cloud ยท compute, DB, storage | Multi-region | Critical |
| Cloudflare | CDN, WAF, DNS, DDoS protection | Global | Critical |
| Stripe | Payment processing (US, EU, UK, AU) | US/EU/SG | Critical |
| Razorpay | Payment processing (India) | India | Critical |
| Twilio | SMS + voice (global) | US/EU | High |
| MSG91 | SMS (India) | India | High |
| Meta WhatsApp Business | WhatsApp messaging | Global | High |
| Resend | Transactional email | US/EU | High |
| SendGrid | Transactional email (failover) | US | Medium |
| OpenAI | LLM (opt-in only) | US | Medium |
| Anthropic | LLM (opt-in only) | US | Medium |
| Datadog | Observability (no PII) | US/EU | Medium |
| HackerOne | Vulnerability disclosure | US | Low |