Sub-processors List
Effective date: 2026-05-11 Last updated: 2026-05-11
About this List
In delivering our services, threathunter.com (THREATHUNTER TECHNOLOGIES PTE. LTD) engages the following sub-processors under GDPR Article 28 / PDPA Section 24. We have a written Data Processing Agreement (DPA) in place with each sub-processor that imposes the same data-protection obligations on the sub-processor as those imposed on us.
Notice of sub-processor changes. We will notify Customers at least 30 days in advance before adding or replacing a sub-processor, through this page and through the email subscription described below. Customer rights to reasonable objection are set out in our Data Processing Agreement §4.4(c).
Current Sub-processor Categories
For commercial-sensitivity reasons, the specific legal entity, registered office, and DPA link of each sub-processor are not published on this page, but are available to qualified Customers on request (see "Requesting the full list" below).
| Category | Purpose | Data processed | Processing location | Cross-border mechanism |
|---|---|---|---|---|
| Large language model (LLM) inference provider | LLM inference under zero-data-retention configuration | User conversation queries + model responses | USA | EU SCCs Module 3 + UK IDTA |
| Cloud infrastructure provider | Infrastructure hosting (compute / RDS MySQL / object storage / networking) | All business data (users, conversations, reports) | Singapore region | N/A — data stored in Singapore; transfers from Customer location to Singapore handled under SCCs |
| Payment processor | Subscription payment processing — payment card data is collected directly by the processor; we do not handle card numbers | Email address, payment card token | USA / EU | EU SCCs + UK IDTA (provided by processor) |
| Transactional email provider | Sign-up OTP, security alerts, report-ready notifications, and other transactional emails | Email address + email body | USA | EU SCCs (subject to provider confirmation) |
Change History
| Date | Change |
|---|---|
| 2026-05-11 | Initial publication |
Subscribing to Change Notifications
To receive advance notice of sub-processor changes (the 30-day advance notification required for third-processor objection under GDPR Art. 28(2)), please email privacy@threathunter.com with the subject "Subscribe to sub-processor updates". We will add you to the notification list and email you before each change.
Requesting the Full List
If you are an enterprise vendor-risk team member / DPO / legal counsel and require the specific identities of our sub-processors for diligence or compliance review:
- Email privacy@threathunter.com with the subject "Sub-processor List Request — [Your Company]".
- Briefly state your role (controller / processor / DPO) and the purpose of the compliance review.
- We will reply within two business days with the complete list (legal entity, registered office, DPA link, and SCCs text).
Contact
| Purpose | Contact |
|---|---|
| Subscribe to / object to sub-processor updates | privacy@threathunter.com |
| General privacy enquiries | privacy@threathunter.com |
Last updated: 2026-05-11 · Version: 2026-05-11