Chkk partners with carefully selected providers to deliver a high-quality, secure service. These subprocessors support various functions, including infrastructure hosting, analytics, and payment processing. Before onboarding any vendor that will store or process customer data, we conduct a rigorous due diligence process as outlined in our Third-Party Management Policy. This evaluation assesses the vendor’s security measures, data protection capabilities, and compliance posture.

Once approved, each subprocessor signs a Data Protection Agreement (DPA) that defines their responsibilities regarding confidentiality and security. We continuously monitor our subprocessors to ensure they uphold our security standards. This includes reviewing their certifications (such as ISO 27001 and SOC 2), assessing their internal security posture, and evaluating their incident response readiness.

We also require subprocessors to implement least-privilege access controls, ensuring they only have access to the minimal data necessary for their function. Additionally, we encourage frequent security reviews and audits to quickly identify and mitigate potential vulnerabilities. Where feasible, we implement data segregation measures to limit third-party access to only the data required for their role.

For a comprehensive list of approved subprocessors and the services they provide, visit the Chkk Trust Center. There, you will find details on their geographic location, types of personal data processed, and relevant compliance credentials. In the event of significant changes to our subprocessor list, we will notify customers promptly to maintain transparency and trust.

If you have any questions about a specific vendor or would like more details on our third-party risk management process, reach out to us at privacy@chkk.io or consult Chkk Trust Center.

Was this page helpful?