DPA review packet
Request the full packet: data-processing terms, data-flow diagrams, and sub-processor context scoped to your launch.
Trust review
Sub-processors and DPA review
This register lists every service provider Gruv uses for identity verification, agreements, tax reporting, money movement, and cloud infrastructure. Share it with your procurement and security teams during DPA evaluation.
30-day material change notice
Gruv provides at least 30 days advance notice before adding or replacing a material sub-processor. Urgent security, continuity, or legal substitutions are communicated as soon as practical.
Objection and review path
Customer objections route through procurement or account review. Gruv assesses rollout scope, data categories, and alternative providers.
Current register
Sub-processors by workflow
Actual engagement depends on product module, market, payment method, verification path, and rollout scope. Customer-specific packets narrow this list to only the workflows active for your launch.
| Provider | Purpose | Data categories | Location notes |
|---|---|---|---|
SumsubIdentity verification and screening | KYC, KYB, sanctions screening, and applicant-review tooling supporting partner-led onboarding and ongoing compliance checks. | Identity profiles, business profiles, verification status, document metadata, screening results, review evidence. | Global provider. Transfer terms covered in the DPA review packet. |
DocuSignElectronic signature | Agreement envelope creation, signature collection, signing-status webhooks, and audit-trail generation. | Signer name, email, agreement metadata, envelope status, signature events, signed-agreement artifacts. | Global provider. Customer packet confirms applicable account region. |
Tax1099 / ZenworkTax reporting and filing | US tax-form preparation, TIN matching, 1099-series filing, 1042-S filing, and recipient form delivery. | Tax profiles, masked and filing-required TINs, withholding values, filing-year totals, form artifacts. | United States provider. Production filing requires tax-program approval. |
Payment rail providersMoney movement | Corridor-dependent payment processing, bank-account validation, settlement, payout execution, returns, and rail evidence. | Payee/payer details, bank-account metadata, transaction references, status events, amounts, currencies, error codes. | Corridor-dependent. Licensed partners are disclosed under NDA as part of the procurement review. |
Microsoft Azure and Google CloudCloud infrastructure | Application hosting, object storage, messaging, observability, workflow orchestration, and managed platform services. | Application records, operational logs, service metadata, AES-256-encrypted file artifacts, internal event payloads. | Regional configuration set per deployment environment and customer rollout scope. |
Change notices
30 days advance notice on material changes
Gruv provides a minimum 30-day window for material additions, replacements, or removals that affect customer data-processing scope. Urgent security, resilience, or legal substitutions are communicated as soon as practical.
| Date | Change | Impact |
|---|---|---|
| May 13, 2026 | Initial sub-processor register published. | Baseline list for AoR procurement and DPA review. |
Need the full DPA packet?
This public register is a procurement starting point. The full customer packet includes the executed DPA, Standard Contractual Clauses, data-flow diagrams, security overview, and launch-specific sub-processor scope.
Contact Gruv