Sub-Processor List
Complete list of VaultPDF sub-processors and third-party services, satisfying GDPR Art. 28(3)(d) and enterprise procurement requirements.
Last updated: 2026-05-31. Version: 1.0.
This document lists all sub-processors and third-party services used by VaultPDF, provided to satisfy GDPR Art. 28(3)(d) and enterprise procurement requirements.
Understanding the Two Processing Scopes
VaultPDF has two distinct processing scopes with different sub-processor profiles:
-
Customer-deployed infrastructure - the Azure resources deployed into the customer's own Azure subscription via Bicep. Sub-processors here are sub-processors of your organisation, not of VaultPDF. You engage them directly under your Microsoft Customer Agreement.
-
VaultPDF-operated services - the Licensing API and eSign Portal operated by VaultPDF. These are the only VaultPDF sub-processors relevant to a DPA with VaultPDF.
Scope Overview
flowchart TB
subgraph YourOrg["🏢 Your Organisation (Data Controller)"]
Users["👤 Users & Approvers"]
subgraph YourAzure["Your Azure Subscription (Microsoft MCA — you are the controller)"]
Functions["The Dispatcher · The Vault Engine<br/>Azure Service Bus queues · Azure Key Vault<br/>Azure Blob Storage · App Insights"]
end
subgraph YourM365["Your Microsoft 365 Tenant (Microsoft MCA — you are the controller)"]
SPODoc["SharePoint Libraries<br/>Activity Lists · Entra ID"]
end
end
subgraph VaultPDFOp["🔐 VaultPDF (Limited Processor)"]
LicAPI2["Licensing API<br/>(Microsoft Azure · West Europe)<br/>Receives: license key + tenant ID only"]
eSignPortal2["eSign Portal<br/>(Microsoft Azure · West Europe)<br/>Receives: HMAC token only · stateless"]
SharedACS2["Shared ACS Email<br/>(Microsoft Azure · West Europe)<br/>Receives: recipient email + notification text<br/>only when BYO email is NOT configured"]
end
Users --> YourM365
Users --> YourAzure
Functions -->|"license key + tenant ID — no document content, no PII"| LicAPI2
Functions -->|"HMAC token — no document bytes, no identity data"| eSignPortal2
Functions -->|"recipient email + notification (BYO not configured)"| SharedACS2
style VaultPDFOp fill:#fce4ec,stroke:#c62828
style YourOrg fill:#e8f5e9,stroke:#2e7d32
VaultPDF-Operated Sub-Processors
These sub-processors process data on behalf of VaultPDF in the operation of the Licensing API and eSign Portal.
| Sub-processor | Purpose | Data processed | Location | Safeguard |
|---|---|---|---|---|
| Microsoft Azure (Microsoft Corporation) | Hosts VaultPDF Licensing API and eSign Portal | License keys, tenant IDs, HMAC tokens | West Europe (Netherlands) | Microsoft Data Processing Agreement; EU SCCs (Art. 46(2)(c)) |
| Azure Communication Services (Microsoft Corporation) | Outbound email for VaultPDF shared email infrastructure ([email protected], [email protected]) | Recipient email address, email body | West Europe | Microsoft DPA; EU SCCs |
Bring Your Own Email
When you configure Bring Your Own Email (-EmailProvider customer-acs), your Azure Communication Services resource is used instead of VaultPDF shared email. In that case, Azure Communication Services is your sub-processor, not VaultPDF's.
Customer-Deployed Infrastructure Sub-Processors
These are sub-processors engaged directly by your organisation when you deploy VaultPDF into your Azure subscription. VaultPDF is not a party to these agreements.
| Sub-processor | Service | Data processed | Notes |
|---|---|---|---|
| Microsoft Corporation | Azure Functions, Azure Service Bus queues, Azure Blob Storage, Azure Key Vault, App Insights, Log Analytics | Document payloads, PDFs, audit logs, encryption keys | Under your Microsoft Customer Agreement and Data Processing Addendum |
| Microsoft Corporation | SharePoint Online, Entra ID | Documents, approver identities, Activity list data | Under your Microsoft 365 subscription and MCA DPA |
| Microsoft Corporation | Azure Communication Services (optional) | Approver/recipient email addresses, email content | Only when BYO email is configured |
Data Flows to Sub-Processors
| Data | Recipient | Data content |
|---|---|---|
| License key and Microsoft 365 tenant ID | VaultPDF Licensing API (Microsoft Azure) | Non-personal identifiers |
| HMAC portal token | VaultPDF eSign Portal (Microsoft Azure) | Pseudonymous token; no identity or document data |
| Notification emails | VaultPDF shared Azure Communication Services (Microsoft Azure) or your Azure Communication Services | Recipient email and notification text (no document content unless you include it in email templates) |
| All document data, PDFs, audit records | Your Azure subscription (Microsoft Azure) | Under your own MCA |
Engagement Notices
VaultPDF commits to:
- Notifying customers of any intended changes to this sub-processor list with 30 days' notice before the change takes effect.
- Providing customers with the opportunity to object to the change. If no resolution is possible, either party may terminate the relevant services on notice.
DPA and Sub-Processor Inquiries
Contact our privacy team for Data Processing Agreement requests and sub-processor questionnaires.
Security Controls
Authentication, encryption, network isolation, key management, audit controls, and compliance posture for VaultPDF. For CISO, security teams, and pen-test scoping.
Incident Response
VaultPDF incident response procedures, severity levels, and customer notification timelines for CISO and operations teams.