Every check on this platform is grounded in the published standards your compliance, audit and IT-security teams already know — UCP 600, ISBP 821, URDG 758, FATF, Wolfsberg, OFAC, GDPR, DPDP. This page tells you exactly what is in place today and what is on the roadmap. We do not claim certifications we do not yet hold.
Compatible = our platform's controls let a customer meet the obligations of this standard with the configuration we ship; we do not claim formal certification. Roadmap = we plan to pursue this; no audit engagement is underway yet and no target date is committed. Certified = independently audited and current (none yet — we will name the auditor and certificate ID when we have one).
Third parties that process customer data on our behalf today. We will notify customers in writing before adding a new sub-processor that materially changes data handling.
| Vendor | Purpose | Region |
|---|---|---|
| Cloudflare Inc. | Edge network, WAF, DDoS, TLS termination | Global (anycast) |
| MongoDB Inc. (Atlas) | Primary database + at-rest encryption | Selectable: US / EU / India |
| OpenAI / Anthropic / Google (via Emergent universal key) | LLM-assisted extraction, classification, drafting | US (no training on customer data) |
| Resend | Transactional email delivery (sign-up, password reset, notices) | US |
| Stripe | Card payment processing for token purchases | Global |
| Razorpay | INR payment processing (planned) | India |
If you've found a vulnerability, please email security@webtraditor.com. We respond within one business day, fix high-severity issues within 7 days, and credit researchers on this page (with permission).
Machine-readable disclosure policy: /.well-known/security.txt
Have a vendor security questionnaire or a custom Data Processing Agreement? Email hello@webtraditor.com — we typically respond within three business days. For data-subject requests or GDPR/DPDP queries, write to privacy@webtraditor.com.
Back to homeMade with Emergent