Compliance and Certification is proud to announce that we are ISAE 3402 certified and have been audited by the prestigious PwC. This certification is a testament to our commitment to upholding the highest standards of service and delivery, ensuring the integrity, confidentiality, and availability of your data.



The ISAE 3402 certification is an internationally recognized standard that assesses the controls within a service organization which are relevant to user entities' internal control over financial reporting. In simpler terms, it indicates that we have robust systems and processes in place, providing you with the assurance of our operational effectiveness and a secure control environment.

Our ISAE 3402 report, audited by PwC, is available upon request for existing and potential customers. This comprehensive report provides an in-depth view of our control landscape and the effectiveness of our operational controls.


Data sub-processors


The company ApS reg. DK38363395 or '' and any subdomains of the company such as,,,, adheres to the European Commission standard contractual clauses between controllers and processors under Article 28(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council and Article 29(7) of Regulation (EU) 2018/1725 of the European Parliament and of the Council. On the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), and in particular Article 28(7) thereof. The processor ( shall process personal data (on behalf of the customer who is the data controller) only on documented instructions from the controller, unless required to do so by Union or Member State law to which the processor is subject. In this case, the processor shall inform the controller of that legal requirement before processing, unless the law prohibits this on important grounds of public interest. Subsequent instructions may also be given by the controller throughout the duration of the processing of personal data. These instructions shall always be documented. The processor has the controller’s general authorisation for the engagement of sub-processors from the agreed list on this web page. The processor shall specifically inform in writing the controller of any intended changes of this list through the addition or replacement of sub-processors at least 1 month in advance, thereby giving the controller sufficient time to be able to object to such changes prior to the engagement of the concerned sub-processor(s). The processor shall provide the controller with the information necessary to enable the controller to exercise the right to object. Current sub-processors of ApS which may or may not be used depending on region of the controller: Nets A/S Nets Branch Oslo Amazon Web Services EMEA SARL Atlassian Inc Visma e-conomic A/S Bambora Danmark A/S Team.Blue Denmark A/S Google Workspaces (EU data residence)