DPA review packet
Customers can request the data-processing terms, data-flow notes, and sub-processor context needed for procurement review.
Trust review
This register identifies the service providers Gruv may use to deliver identity verification, agreements, tax reporting, money movement, cloud infrastructure, and related operational workflows.

Gruv targets at least 30 days' notice before adding or replacing a material sub-processor, except for urgent security, continuity, or legal requirements.
Customer objections route through procurement or account review so the rollout lane, data categories, and alternatives can be assessed.
Current register
Actual use depends on the product module, market, payment method, verification path, and rollout scope. Customer-specific packets can narrow the list to the workflows in scope for a launch.
| Provider | Purpose | Data categories | Location notes |
|---|---|---|---|
| Sumsub: Identity verification and screening | KYC, KYB, sanctions-screening, and applicant review workflows used for onboarding and ongoing compliance checks. | Identity profile, business profile, verification status, document metadata, screening results, and review evidence. | Global service provider; transfer terms handled through the DPA review packet. |
| DocuSign: Electronic signature | Agreement envelope creation, signature collection, signing status updates, and audit trail support. | Signer name, email address, agreement metadata, envelope status, signature events, and signed agreement artifacts. | Global service provider; customer packet confirms applicable account configuration. |
| Tax1099 / Zenwork: Tax reporting and filing | US tax form preparation, TIN matching, 1099-series filing support, 1042-S support, and recipient filing artifacts. | Tax profile, masked and filing-required tax identifiers, withholding values, filing-year totals, and form artifacts. | United States service provider; production filing setup depends on tax-program approval. |
| Payment rail providers: Money movement | Corridor-dependent payment processing, bank-account handling, settlement, payout execution, returns, and rail evidence. | Payee or payer details, bank-account metadata, transaction references, status events, amounts, currencies, and error codes. | Provider set is corridor dependent and may include Airwallex, Currencycloud, Payoneer, Tazapay, or equivalent licensed providers. |
| Microsoft Azure and Google Cloud: Cloud infrastructure | Application hosting, storage, messaging, observability, internal workflow processing, and managed platform infrastructure. | Application records, operational logs, service metadata, encrypted file artifacts, and internal event payloads. | Regional configuration depends on deployment environment and customer rollout scope. |
Change notices
Gruv targets a 30-day notice window for material additions, replacements, or removals that affect customer data-processing scope. Urgent security, resilience, or legal substitutions are communicated as soon as practical.
| Date | Change | Impact |
|---|---|---|
| May 13, 2026 | Initial sub-processor register published. | Baseline list for AoR procurement and DPA review. |
The public register is a procurement starting point. Customer review packets can include the applicable DPA, transfer terms, data-flow notes, security overview, and launch-specific sub-processor scope.