Security & Sub-processors
When performing our services, our partners might have access to personal data. They are, therefore, (sub-)processors of personal data as referred to in article 4 of the General Data Protection Regulation (GDPR). At Docflow, we take several measures to ensure that this data is processed in a safe and responsible way, in line with article 28(2) of the GDPR.
When possible, we keep data in Europe and we concluded a data processing agreement (DPA) with each of our partners. In addition, we only work with partners located in the European Union, or at the United States, provided they comply with the GDPR rules and regulations when processing our data. Below you find the updated list of the partners, which might have access to the processed/ collected data by Docflow:
| Sub-processor | Purpose | Country of processing | Certification | Remarks | Country entity |
|---|---|---|---|---|---|
| Amazon Web Services (AWS) | AWS is used to host, backup and process Docflow’s web applications and all its data. | EEA | ISO 27001, 27017, 27018 certification and SOC2 Type I attestation | - | Ireland |
| Appsignal | Application performance monitoring | EU | Application data stored in ISO 27001 certificated facilities | - | NL |
| Mailgun | Transaction email service to send, receive and track emails | EU/US | - | Limited storage time for message bodies (up to seven days). | US |
| Hubspot | Store leads info, establish communication channels and track progress along the buying lifecycle | EU & US | Application data stored in ISO 27001 certificated facilities | The data that is processed is limited to Docflow’s direct contact persons at the customer/lead | US |
| Moneybird | Invoicing & accounting software | EER | - | Only personal data of Docflow’s direct contact persons at the customer is being processed. | NL |
| Slack | Used as internal communication system at Docflow. Although sharing personal data of our customers over is limited, a processing agreement with Slack has been concluded. | US | - | Only personal data of Docflow’s direct contact persons at the customer is being processed. | US |
| Freshdesk | Helpdesk software | US & EU | ISO 27001, 27017, 27018 certification and SOC2 Type I attestation | Only personal data of Docflow’s direct contact persons at the customer is being processed. | US |
| Google Workspace | Used for email communication, calendar events and cloud storage of our team. | US & EU | Application data stored in ISO 27001 certificated facilities | Only personal data of Docflow’s direct contact persons at the customer is being processed. | US |