What a sub-processor is
What is a sub-processor?
A sub-processor is an entity that processes customer personal data on our behalf and under our documented instructions. We remain the data controller; sub-processors act in a strictly processor capacity. (References: GDPR Art. 28(2)+(4); BD Data Protection Act 2023 (draft) §14.)
Every sub-processor on this page has executed a written Data Processing Agreement with us. Each agreement contains the mandatory GDPR Art. 28(3) clauses, including: instructions-only processing, confidentiality, security measures aligned with GDPR Art. 32, sub-sub-processor disclosure obligations, breach notification within 24 hours of awareness, audit rights, and end-of-contract data deletion or return.
We do not permit sub-processors to use customer data for their own commercial purposes. We do not permit sub-processors to train AI models on customer inputs (this is a contractual commitment from Anthropic specifically). We do not permit sub-processors to pass customer data to fourth parties without our written approval.
The current register
Current list
The table below is the complete list of sub-processors as of the version date of this page. We do not maintain a private “internal-only” sub-processor list — what is on this page is everything.
managed cloud platform
approved Asia-Pacific region
Compute (Lambda), storage (S3, RDS Postgres), email (SES), key management (KMS), CloudWatch logging, and AI inference (via managed AI inference). Our primary infrastructure layer.
- Data types: All customer data — account, profile, tender ZIPs, AI drafts, billing.
- Certifications: ISO 27001, SOC 2 Type II, PCI DSS Level 1
Anthropic (via managed AI inference platform)
approved Asia-Pacific region of managed AI inference platform
LLM inference for AI bid copilot, eligibility extraction, and tender analysis. Claude model family. Inputs and outputs are not used for model training.
- Data types: Tender content, eligibility prompts, bid drafts (transient — discarded post-inference).
- Certifications: SOC 2 Type II
EPS Bangladesh Limited
Dhaka, Bangladesh
Payment processing for cards, mobile-banking wallets (bKash, Nagad, Rocket), and internet banking. Bangladesh Bank-licensed payment service provider.
- Data types: Payment outcome only (transaction reference, status). No card data, CVV, PIN, or OTP reaches TenderPulse.
- Certifications: PCI DSS, Bangladesh Bank PSP licence
Resend
EU / US infrastructure
Transactional email in development and staging environments only. Production email (OTPs, invoices, deadline alerts) goes via the transactional email service from the approved region.
- Data types: Email recipient, subject, body content (development environments only — no production user data).
- Certifications: SOC 2 Type II
Cloudflare
Global anycast network
DNS resolution and DDoS protection at the edge for the apex domain.
- Data types: Request metadata only (IP, user-agent, request URL). No request bodies. Cloudflare does not see decrypted application traffic — TLS terminates at CloudFront.
- Certifications: ISO 27001, SOC 2 Type II, PCI DSS
Twilio (SMS / OTP)
Global, with BD-routed delivery
SMS delivery for one-time passwords during sign-up and password reset. Routed through Bangladesh-licensed local aggregators where required.
- Data types: Recipient phone number, OTP code (transient — never logged or retained beyond the delivery transaction).
- Certifications: SOC 2 Type II
Sentry (error tracking)
EU region (Frankfurt)
Application error tracking and performance monitoring. PII scrubbing rules strip user identifiers and request bodies before transmission.
- Data types: Stack traces, exception messages, user-agent. Personal identifiers are scrubbed at the SDK level.
- Certifications: ISO 27001, SOC 2 Type II
Notice and objection
Right to notice and objection
Before adding a new sub-processor, we provide at least 14 calendar days of advance notice via in-app notification, email to the billing contact on file, and an entry in our changelog. The notice describes the new sub-processor, its purpose, its location, and its certification posture.
During the 14-day window, you have the right to object. To object, email help@tenderpulse.com.bd stating your concern. We will respond within 5 business days. If we cannot find a mutually acceptable alternative — for example, a different sub-processor that performs the same function with a posture you accept — you have the right to terminate the subscription with a pro-rata refund of any prepaid portion.
Sub-sub-processors
Third-tier processors
Some sub-processors above use their own sub-processors. Our cloud provider, for example, uses backbone providers, regional connectivity partners, and certificate authorities to deliver its services. We rely on the cloud provider's own sub-processor disclosure (aws.amazon.com/compliance/sub-processors) and contractually require our cloud provider to notify us before any materially new sub-processor is engaged in the regions we use.
Anthropic publishes its sub-processor list at their trust portal. We require Anthropic to notify us of changes via our enterprise agreement.
Where a sub-sub-processor change creates risk we believe customers would want to know about (for example, a new region or a new certification gap), we surface it via the same 14-day notice process described in §3 above — even though the contractual obligation is on the upstream sub-processor, not on us.
International transfers and SCCs
International transfers
The bulk of customer data resides in our approved Asia-Pacific region, a jurisdiction with bilateral data-flow agreements supporting adequate protection for EU and UK personal data. For those sub-processors that process data outside the approved region (Resend, Sentry, Cloudflare anycast, Twilio routing), we have executed Standard Contractual Clauses (EU SCCs Module 2: controller-to-processor) and the UK International Data Transfer Addendum where applicable. (Reference: GDPR Art. 46.)
We do not process customer data in the United States. The development-environment Resend usage and Sentry error capture may transit US infrastructure incidentally; production customer data does not. Where a future operational need creates a US data flow, we will update this register with at least 14 days' notice and the option to object.
Sub-processors we have removed
Those we no longer work with
As of the version date of this register, no sub-processor has been removed since TenderPulse went live. As removals occur, we will document each one here with the date of removal and a one-line explanation, so customers retain the ability to trace historical data flows.
When a sub-processor is removed, our procedure is: stop sending data, request the sub-processor’s contractually-mandated deletion certificate, verify deletion in the sub-processor’s own audit trail where available, and update this page within 7 days of confirmation.