menu

Subprocessors

Effective Date: July 21, 2024

SquareGPS uses certain subprocessors to assist in providing our services. This list covers all personal data processing scenarios where SquareGPS acts as either Data Controller or Data Processor.

CORE SERVICE INFRASTRUCTURE

These subprocessors may process personal data of all users of SquareGPS services

Service ProviderPrimary LocationPurposeData Categories
Amazon Web ServicesEU (Frankfurt) for EU/Eurasia/Africa customers
US (Virginia, California, Oregon, Ohio) for Americas customers
Cloud infrastructure and hostingAll service data including location data, user accounts

 

CUSTOMER TRACKING SERVICES

These subprocessors process data when SquareGPS acts as Data Processor for Partners

Service ProviderPrimary LocationPurposeData Categories
Amazon Web ServicesEU (Frankfurt) for EU/Eurasia/Africa customers
US (Virginia, California, Oregon, Ohio) for Americas customers
GPS tracking data storageLocation data, device data, trip history

 

BUSINESS OPERATIONS

These subprocessors handle SquareGPS business operations (Data Controller activities)

Service ProviderPrimary LocationPurposeData Categories
StripeUnited StatesPayment processingBilling information, payment details
PayPalUnited StatesPayment processingBilling information, payment details
ZohoUnited StatesAccounting and financial managementBusiness contacts, invoices
DocuSignUnited StatesContract managementBusiness documents, signatures

 

CUSTOMER COMMUNICATION & SUPPORT

These subprocessors facilitate communication with Partners and their end-users

Service ProviderPrimary LocationPurposeData Categories
ZendeskUnited StatesCustomer support platformSupport tickets, user communications
FrontUnited StatesCustomer communicationEmail communications, support data
SendGridUnited StatesEmail service providerEmail addresses, messaging content
TwilioUnited StatesSMS and voice communicationPhone numbers, SMS content
Nexmo (Vonage)United KingdomSMS communicationPhone numbers, SMS content
ZadarmaUnited KingdomVoIP communicationPhone numbers, call records

 

MARKETING & ANALYTICS

These subprocessors are used for SquareGPS marketing activities (Data Controller)

Service ProviderPrimary LocationPurposeData Categories
Google AnalyticsUnited StatesWeb analyticsWebsite usage data, IP addresses
HubSpotUnited StatesCustomer relationship managementContact information, marketing data
MailchimpUnited StatesEmail marketing campaignsEmail addresses, marketing preferences

 

INTERNAL OPERATIONS

These subprocessors support SquareGPS internal business operations

Service ProviderPrimary LocationPurposeData Categories
Google WorkspaceUnited StatesInternal communicationsEmployee data, business communications
SlackUnited StatesInternal team messagingEmployee communications

 

DATA PROTECTION STANDARDS

All subprocessors are required to:

  • Sign Data Processing Agreements with equivalent GDPR protections
  • Implement appropriate technical and organizational security measures
  • Process data only on documented instructions from SquareGPS
  • Notify SquareGPS of any data breaches within 24 hours
  • Assist with data subject rights requests when applicable

 

INTERNATIONAL TRANSFERS

AWS Regional Data Processing:

  • EU Customers: Data processed exclusively in AWS EU regions (Frankfurt) - no international transfers required
  • UK Customers: Data processed in AWS EU regions - protected by EU-UK Adequacy Decision
  • US Customers: Data processed in AWS US regions
  • Cross-region emergency access: May occur for critical incident response with appropriate safeguards

Transfer Protections:

  • EU data subjects: No international transfers for core platform services
  • UK data subjects: Transfer to EU protected by adequacy decision - no additional safeguards required
  • Other US-based subprocessors: Protected by Standard Contractual Clauses (SCCs)
  • All transfers: Comply with applicable data protection requirements

AWS Compliance Certifications:

  • ISO 27001, 27017, 27018 for information security
  • SOC 1, 2, and 3 compliance reports
  • EU-US Data Privacy Framework participation
  • GDPR Article 28 compliance with robust DPA

 

YOUR RIGHTS

If you are a Partner (Customer):

  • You may object to specific subprocessors on reasonable grounds
  • You will receive 30 days notice of any subprocessor changes
  • EU/UK customers benefit from AWS EU infrastructure with enhanced data protection
  • Contact: privacy@squaregps.com

If you are an End-User of Partner services:

  • Your data rights are primarily exercised through your organization
  • EU/UK end-users: data processed within EU AWS regions with GDPR protections
  • For direct inquiries, contact: privacy@squaregps.com
  • Refer to our Privacy Policy for detailed rights information

If you are a Website Visitor:

  • Standard GDPR/UK GDPR rights apply to marketing and analytics data
  • Manage cookie preferences in our Cookie Settings
  • Contact: privacy@squaregps.com

 

UPDATES TO THIS LIST

We may update this list as business needs evolve. Material changes will be communicated:

  • To Partners: 30 days advance notice via email and platform notifications
  • To End-Users: Through Partner organizations and website updates
  • To Website Visitors: Website notifications and updated documentation
IoT Logic  NEW
Open
IoT Logic  NEW
Receive, enrich, and transmit
telematics data. Automate processes.
No-code.
Learn more >
Open