This page lists the third parties (our "subprocessors") that we use to help deliver the Services and that may process personal data on our behalf. It supports, and should be read with, our Privacy Policy.
How this list works
To avoid exposing unnecessary detail about how the Services are built, we disclose our subprocessors on this public page by the role they perform rather than by name. The specific vendor for each role, and the locations where it processes data, are available to customers on request or under a data processing agreement. To request these details, contact us at [email protected].
Current subprocessors
We rely on the following categories of subprocessor:
Cloud hosting and compute
File and object storage
Content delivery, security, and bot protection
Payment processing
Email delivery
Content-safety scanning
Our commitments
Each subprocessor may process personal data only on our instructions and under a written contract. They are bound to keep the data confidential and to apply security measures consistent with our Privacy Policy. We remain responsible to you for how our subprocessors handle data we entrust to them.
How we vet subprocessors
Before we engage a subprocessor, and from time to time afterwards, we assess its security and data-protection practices. We put data-protection terms in place with each one, including the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum where a transfer needs them, as described in the international-transfers section of our Privacy Policy.
Changes and notice
We update this list as our subprocessors change. Customers who have a data processing agreement with us can ask to be notified of new subprocessors and may object to a new subprocessor on reasonable data-protection grounds, as set out in that agreement.
Requesting details and contact
To request the named vendor for a role, its processing locations, or to raise an objection, email us at [email protected].