Data Processing & Sub-processors
Last Updated: July 2, 2026
1. Overview
When we build or run systems that handle personal data belonging to your customers or users, you are the data controller and Rogue Digital Ltd (Company No. 15403136) is the data processor. In that arrangement we enter into a Data Processing Agreement (DPA) that meets Article 28 of the UK GDPR, and we are transparent about the sub-processors involved. For data collected through this website, we are the controller: see our Privacy Policy.
2. Requesting Our DPA
We provide our DPA as part of an engagement so it can be reviewed and signed by both parties. To request a copy for your legal or procurement review before we start, email privacy@roguedigital.ai and we will send it over. If you have your own DPA template, we are happy to work from yours.
3. What Our DPA Covers
Our DPA sets out the standard Article 28 protections:
- Subject matter, duration, nature and purpose of the processing, and the types of data and data subjects
- Processing only on your documented instructions
- Confidentiality obligations on the people who process the data
- Appropriate technical and organisational security measures
- Terms for engaging sub-processors, with notice of changes
- Assistance with data-subject requests and with your own compliance duties
- Personal-data breach notification
- Deletion or return of data at the end of the engagement
- Information and audit rights so you can verify our compliance
4. Website Sub-processors
The third parties that may process personal data submitted through this website:
| Sub-processor | Purpose | Location | Transfer safeguard |
|---|---|---|---|
| Vercel Inc. | Website hosting and content delivery | USA / global edge | SCCs |
| Web3Forms | Contact-form submission delivery | EU / USA | SCCs |
| Cal.com | Meeting scheduling and booking | USA / EU | SCCs |
| Google (Google Analytics) | Website analytics (consent-gated) | USA / global | SCCs |
5. Engagement Sub-processors
For client engagements, the specific sub-processors depend on the systems we build and run, and are listed in the applicable order or DPA rather than fixed here. They commonly include a major cloud platform (for example Amazon Web Services, Google Cloud or Vercel) and, where a project uses AI, model providers engaged under enterprise or API terms with no-training settings. We give you the list that applies to your engagement, and notice before we add or change a sub-processor that touches your data.
6. International Transfers
Where a sub-processor processes data outside the UK, we rely on appropriate safeguards such as UK adequacy regulations or the International Data Transfer Agreement and Standard Contractual Clauses, so your data keeps an equivalent level of protection.
7. Contact
Questions about data processing, our DPA, or our sub-processors:
Email: privacy@roguedigital.ai
See also our Privacy Policy, Security & Trust, and Responsible AI pages.