Sub-Processor List

Last Updated: 24 March 2026

Vissibl Technology Limited ("Vissibl") uses the following sub-processors to deliver our platform and services. Sub-processors are third-party companies that process personal data on our behalf and under our instruction.

All sub-processors are bound by contractual Data Processing Agreements and are required to implement appropriate technical and organisational security measures.

Infrastructure and Platform

Sub-Processor	Purpose	Data Types Processed	Processing Location	Security Certifications
Microsoft Azure	Primary cloud infrastructure: compute, databases, storage, networking	Customer compliance data, platform data, application logs	UAE North (primary); paired region for geo-redundant backups	ISO 27001, SOC 1/2/3, CSA STAR
Google Cloud Platform (GCP)	AI/ML document processing and secondary compute	Customer compliance documents (for AI processing)	europe-west2 (EU)	ISO 27001, SOC 1/2/3, CSA STAR

AI / Large Language Model Services

Vissibl uses LLM providers to power AI features including document generation, evidence analysis, and compliance recommendations. Content submitted through AI features — which may include personal data — is processed by these providers.

Sub-Processor	Purpose	Data Types Processed	Processing Location	Security Certifications
OpenAI	LLM services for AI-powered compliance features	Customer-submitted content used in AI prompts	US (OpenAI API)	ISO 27001, SOC 2 Type II
Google (Gemini)	LLM services for AI-powered compliance features	Customer-submitted content used in AI prompts	US / Global (Google AI API)	ISO 27001, SOC 1/2/3
Anthropic	LLM services for AI-powered compliance features	Customer-submitted content used in AI prompts	US (Anthropic API)	ISO 27001 (in progress), SOC 2

Note: Vissibl uses LiteLLM as an internal routing layer to manage requests to LLM providers. LiteLLM operates within Vissibl's own infrastructure and does not independently store or retain customer data.

Payment Processing

Sub-Processor	Purpose	Data Types Processed	Processing Location	Security Certifications
Stripe	Payment processing and billing	Billing contact details, payment data (card data not stored by Vissibl)	US / Global	PCI DSS Level 1, ISO 27001

Analytics

Sub-Processor	Purpose	Data Types Processed	Processing Location	Security Certifications
Google Analytics	Website and platform usage analytics	Anonymised IP addresses, behavioural data	US / Global	ISO 27001

Notification of Changes

We will notify customers of any changes to this sub-processor list (additions or replacements) with at least 14 days' advance notice in accordance with our standard Data Processing Agreement. Notification will be provided by updating this page and sending an email to the customer's registered contact.

Customers who object to a new sub-processor appointment may raise their concern with their account manager within the notice period.

Questions

For questions about our sub-processors or data processing practices, contact:

📧 privacy@vissibl.ai

Vissibl Technology Limited — Trade Licence CL8648, DIFC, Dubai, UAE