Products
Publisher - Trusted PDF Sealing Publisher Identity Validator
Pricing
Resources
API Docs CLI Docs Zapier Documenso
PDF Validator Download CLI
Support
Learn
Blog FAQ Announcements
Company / Contact
Sign in/up

TS Subprocessors List

Effective Date: 10/31/2025

Last Updated: 10/31/2025

This page identifies the third-party Subprocessors that Trusted Signatures (“TS”) uses to deliver the Services. Subprocessors process limited personal information on TS’s behalf and are bound by data-protection and confidentiality terms. TS remains responsible to you for each Subprocessor’s performance of the data-protection obligations we flow down to them under our DPA (subject to the limitations in our Terms). Certain providers may also act as independent controllers for their own purposes (e.g., payment processing fraud/chargebacks) or make independent trust-program decisions (e.g., CA issuance/revocation); TS is not responsible for those independent activities.

Current Subprocessors

Payment processing

Provider: Stripe, Inc.

Purpose: Payment card processing, fraud prevention, disputes/chargebacks.

Data processed: Billing contact data and transaction metadata; no full card numbers or CVV are stored by TS.

Processing location: U.S. and global infrastructure.

Safeguards: PCI DSS; SCCs/UK Addendum as applicable.

Policies: See Stripe’s privacy/terms.

Certificate authority, registration authority, and trust services (Identity products)

EU Advanced Provider: Sectigo Limited and affiliates (CA/RA, OCSP/CRL, and RFC 3161 Time-Stamping Authority)

Purpose: Organization certificate issuance, validation/revalidation, suspension/revocation; certificate status checks; trusted timestamps.

Data processed: Organization identity data (as provided by Customer for validation), certificate serials/issuer, request/response metadata.

Processing location: EU/UK/US (varies by service).

Safeguards: Sectigo CPS/Subscriber terms; SCCs/UK Addendum as applicable.

Cloud hosting & compute

Provider: Amazon Web Services, Inc. (AWS)

Purpose: Hosting of application services, databases, and storage.

Data processed: Account/contact data, API logs, document-verification metadata (no PDFs).

Processing location: AWS U.S. regions (Ohio).

Safeguards: ISO 27001/SOC; SCCs/UK Addendum as applicable.

Public Site Analytics

Provider: Google

Purpose: Public site analytics (https://trusted-signatures.com)

Data Processed: Web site activity (user opt-in required)

Processing location: US

Notes & updates

TS may add or replace Subprocessors to improve reliability, security, or functionality. We will update this page to provide notice of changes. Customers may object to a new Subprocessor under the process defined in the DPA §7.4.

Contact

Questions about this list or data processing or for legals notices contact us at:

support@trusted-signatures.com Michelle@trusted-signatures.com and Brad@trusted-signatures.com.