Sub-processor Disclosure
Checks for a sub-processor / data-processing (DPA) disclosure page or link
Checks for a sub-processor / data-processing (DPA) disclosure page or link
| Rule ID | legal/subprocessor-disclosure |
| Category | Legal Compliance |
| Scope | Site-wide |
| Severity | info |
| Weight | 3/10 |
Solution
Under GDPR Art. 28, processors must disclose the sub-processors they engage and offer a Data Processing Agreement (DPA). Publish a /subprocessors page listing each third party that handles customer personal data (purpose, location), keep it current, and link a DPA from your legal/trust pages. B2B SaaS and fintech buyers expect this during security review.
The rule passes when it finds a dedicated sub-processor / data-processing / DPA page (by URL path) or a link to one (by href or anchor text) on any crawled page.
Enable / Disable
Disable this rule
squirrel.toml
toml[rules]
disable = ["legal/subprocessor-disclosure"]Disable all Legal Compliance rules
squirrel.toml
toml[rules]
disable = ["legal/*"]Enable only this rule
squirrel.toml
toml[rules]
enable = ["legal/subprocessor-disclosure"]
disable = ["*"]