Effective Date: July 21, 2024
SquareGPS uses certain subprocessors to assist in providing our services. This list covers all personal data processing scenarios where SquareGPS acts as either Data Controller or Data Processor.
CORE SERVICE INFRASTRUCTURE
These subprocessors may process personal data of all users of SquareGPS services
Service Provider | Primary Location | Purpose | Data Categories |
Amazon Web Services | EU (Frankfurt) for EU/Eurasia/Africa customers US (Virginia, California, Oregon, Ohio) for Americas customers | Cloud infrastructure and hosting | All service data including location data, user accounts |
CUSTOMER TRACKING SERVICES
These subprocessors process data when SquareGPS acts as Data Processor for Partners
Service Provider | Primary Location | Purpose | Data Categories |
Amazon Web Services | EU (Frankfurt) for EU/Eurasia/Africa customers US (Virginia, California, Oregon, Ohio) for Americas customers | GPS tracking data storage | Location data, device data, trip history |
BUSINESS OPERATIONS
These subprocessors handle SquareGPS business operations (Data Controller activities)
Service Provider | Primary Location | Purpose | Data Categories |
Stripe | United States | Payment processing | Billing information, payment details |
PayPal | United States | Payment processing | Billing information, payment details |
Zoho | United States | Accounting and financial management | Business contacts, invoices |
DocuSign | United States | Contract management | Business documents, signatures |
CUSTOMER COMMUNICATION & SUPPORT
These subprocessors facilitate communication with Partners and their end-users
Service Provider | Primary Location | Purpose | Data Categories |
Zendesk | United States | Customer support platform | Support tickets, user communications |
Front | United States | Customer communication | Email communications, support data |
SendGrid | United States | Email service provider | Email addresses, messaging content |
Twilio | United States | SMS and voice communication | Phone numbers, SMS content |
Nexmo (Vonage) | United Kingdom | SMS communication | Phone numbers, SMS content |
Zadarma | United Kingdom | VoIP communication | Phone numbers, call records |
MARKETING & ANALYTICS
These subprocessors are used for SquareGPS marketing activities (Data Controller)
Service Provider | Primary Location | Purpose | Data Categories |
Google Analytics | United States | Web analytics | Website usage data, IP addresses |
HubSpot | United States | Customer relationship management | Contact information, marketing data |
Mailchimp | United States | Email marketing campaigns | Email addresses, marketing preferences |
INTERNAL OPERATIONS
These subprocessors support SquareGPS internal business operations
Service Provider | Primary Location | Purpose | Data Categories |
Google Workspace | United States | Internal communications | Employee data, business communications |
Slack | United States | Internal team messaging | Employee communications |
DATA PROTECTION STANDARDS
All subprocessors are required to:
- Sign Data Processing Agreements with equivalent GDPR protections
- Implement appropriate technical and organizational security measures
- Process data only on documented instructions from SquareGPS
- Notify SquareGPS of any data breaches within 24 hours
- Assist with data subject rights requests when applicable
INTERNATIONAL TRANSFERS
AWS Regional Data Processing:
- EU Customers: Data processed exclusively in AWS EU regions (Frankfurt) - no international transfers required
- UK Customers: Data processed in AWS EU regions - protected by EU-UK Adequacy Decision
- US Customers: Data processed in AWS US regions
- Cross-region emergency access: May occur for critical incident response with appropriate safeguards
Transfer Protections:
- EU data subjects: No international transfers for core platform services
- UK data subjects: Transfer to EU protected by adequacy decision - no additional safeguards required
- Other US-based subprocessors: Protected by Standard Contractual Clauses (SCCs)
- All transfers: Comply with applicable data protection requirements
AWS Compliance Certifications:
- ISO 27001, 27017, 27018 for information security
- SOC 1, 2, and 3 compliance reports
- EU-US Data Privacy Framework participation
- GDPR Article 28 compliance with robust DPA
YOUR RIGHTS
If you are a Partner (Customer):
- You may object to specific subprocessors on reasonable grounds
- You will receive 30 days notice of any subprocessor changes
- EU/UK customers benefit from AWS EU infrastructure with enhanced data protection
- Contact: privacy@squaregps.com
If you are an End-User of Partner services:
- Your data rights are primarily exercised through your organization
- EU/UK end-users: data processed within EU AWS regions with GDPR protections
- For direct inquiries, contact: privacy@squaregps.com
- Refer to our Privacy Policy for detailed rights information
If you are a Website Visitor:
- Standard GDPR/UK GDPR rights apply to marketing and analytics data
- Manage cookie preferences in our Cookie Settings
- Contact: privacy@squaregps.com
UPDATES TO THIS LIST
We may update this list as business needs evolve. Material changes will be communicated:
- To Partners: 30 days advance notice via email and platform notifications
- To End-Users: Through Partner organizations and website updates
- To Website Visitors: Website notifications and updated documentation