Effective Date: 10 November 2025
Replaces previous version dated 3 March 2022
To operate our Services securely and reliably, Medtribe Ltd ("Medtribe", "we", "us", or "our") engages a small number of trusted third-party providers ("sub-processors") that process personal data on our behalf.
We only use sub-processors that:
This list reflects our current sub-processors and may change as our Services evolve.
| Provider | Purpose | Region of Processing | Safeguards |
|---|---|---|---|
| Amazon Web Services (AWS) | Storage | EU / UK (Ireland and London regions) | Data remains in EU/UK data centres |
| Heroku | Primary hosting and infrastructure | EU / UK (Ireland and London regions) | Data remains in EU/UK data centres |
| Cloudflare Inc. | Content delivery network (CDN) and security | Global (edge network) | SCCs and regional routing controls |
| Provider | Purpose | Region of Processing | Safeguards |
|---|---|---|---|
| Google Auth | User authentication and account security | EU / US | SCCs and Google DPA |
| SendGrid (Twilio Inc.) | Transactional email delivery and notifications | UK | SCCs under Twilio DPA |
| Provider | Purpose | Region of Processing | Safeguards |
|---|---|---|---|
| Stripe Payments Europe Ltd | Payment processing and subscription billing | EU (Ireland); limited US processing | SCCs and PCI DSS Level 1 compliance |
| Provider | Purpose | Region of Processing | Safeguards |
|---|---|---|---|
| Loops | Opt-out email communications and marketing automation | US / EU | SCCs and GDPR-compliant processing |
| TermsFeed | Cookie banner and consent management | US / EU | SCCs and DPA in place |
We review our sub-processors periodically and update this page as needed.
Material changes are communicated to organisational customers where required by agreement.
The "Last Updated" date above reflects the most recent revision.
Email: support@medtribe.com