| Name | Address | Main establishment location | Description of processing | Data processing location | Further information |
|---|---|---|---|---|---|
| Amazon Web Services EMEA SARL | 1 Principal Place, Worship Street, London, EC2A 2FA | UK | Cloud web hosting (database, file storage) | UK and Ireland | Privacy policy |
| Mythic Beasts | Mythic Beasts Ltd, PO Box 1363, Cambridge, CB1 0FJ | UK | Cloud web hosting (database, file storage) | UK | Privacy policy |
| Bunny | BunnyWay d.o.o., Dunajska cesta 165, 1000 Ljubljana, Slovenia | Slovenia | CDN and DDoS mitigation services (Bunny CDN) | Global | GDPR policy |
| Google Cloud EMEA Limited | Velasco, Clanwilliam Place, Dublin 2 | Ireland | Studio 24 company document storage (Google Workspace) | Europe | Privacy terms |
| Proton AG | Route de la Galaise 32, 1228 Plan-les-Ouates, Switzerland | UK | Studio 24 company email service (Proton Mail) | Switzerland | Privacy policy |
| Name | Address | Main establishment location | Description of processing | Data processing location | Guarantees for international transfer | Further information |
|---|---|---|---|---|---|---|
| 37signals LLC | 137 N Oak Park Ave, Suite 208, Oak Park, IL, 60301, USA | USA | Client and supplier communications and document sharing (Basecamp) | USA | Data processing addendum with Standard Contractual Clauses | Privacy policy |
| ActiveCampaign LLC | 1 North Dearborn St, 5th Floor Chicago, IL 60602 | USA | Transactional email delivery (Postmark email) | USA | UK Extension to the EU-U.S. Data Privacy Framework. | EU Data Protection |
| Cloudflare, Inc. | 101 Townsend St, San Francisco, CA 94107, USA | USA | CDN and DDoS mitigation services (Cloudflare) | Global | UK Extension to the EU-U.S. Data Privacy Framework | Data Act Addendum (EU Data Act) |
| Mailgun Technologies, Inc. | 112 E Pecan St #1135, San Antonio, TX 78205, USA | USA | Transactional email delivery (Mailgun email) | USA | UK Extension to the EU-U.S. Data Privacy Framework | GDPR compliance |
| Zendesk, Inc. | 181 Fremont St., San Francisco, CA 94105, USA | USA | Support ticketing service (Zendesk) | Global | UK Extension to the EU-U.S. Data Privacy Framework | Zendesk Trust Center |
You can verify USA-based services have agreed to the UK Extension to the EU-US Data Privacy Framework via the Data Privacy Framework website.
We manage our hosting at AWS either in regions eu-west-1 (Ireland) or eu-west-2 (London).
If other external services are used for your project, we'll document these and advise on any data privacy risks.
Email may be used in your application to send personal data, for example an address. We recommend not sending sensitive personal data via email.
Email is generally sent in plaintext, since there is not wide support for encrypted emails on the internet.
This means email services store copies of emails, this is normally limited to 45 days.
Bounced emails and spam complaints are stored indefinitely in a Streams Suppression list for reporting and list hygiene.