Sub-processors
The sub-processors Skillscan Limited engages to deliver the Skilly platform. Each is contractually bound to equivalent data-protection obligations to those Skillscan undertakes to schools.
Active sub-processors
| Sub-processor | Purpose | Location | Transfer safeguard |
|---|---|---|---|
| Supabase Inc. | Primary database + file storage for the platform | EU (Frankfurt) | Within EEA |
| Vercel Inc. | Application hosting + edge delivery | Primarily EU; US fallback for edge caching | EU-U.S. Data Privacy Framework + SCCs 2021 |
| Anthropic PBC | AI inference — reflection scoring + safeguarding detection | United States | EU-U.S. DPF + SCCs 2021 + Zero-Retention Rider |
| Resend Inc. | Transactional email delivery | Primarily EU; US API endpoint | EU-U.S. DPF + SCCs 2021 |
Change notifications
Before we add or replace a sub-processor we will notify each subscribing school at least 30 days in advance and give them an opportunity to object. If a school reasonably objects on data-protection grounds we will either address the objection or allow the school to terminate the subscription with a pro-rata refund.
Where this fits
For the broader picture of who is the data controller, what data we hold, and what rights you have, see our Privacy Policy.
This page is the authoritative list. We do not maintain sub-processor information in any other location. Last updated 22 April 2026.