[EN] List of subprocessors
Glenn Vanhaeren avatar
Geschreven door Glenn Vanhaeren
Meer dan een week geleden bijgewerkt

This article is part of our GDPR compliance documentation, and is currently only available in English.

Peepl relies on a handful of third party suppliers who assist in the service we offer to you as a customer. Some of these suppliers process your personal data to be able to execute the service they offer. 

In this document, we give an brief overview of these so-called subprocessors and describe in which way they process your personal data and more importantly, how they make sure your personal data is secure.

Infrastructure Subprocessors

DigitalOcean

DigitalOcean is one of the largest cloud computing platforms. Our web servers, databases and backups are hosted within DigitalOcean's Virtual Private Servers (named Droplets) that Peepl controls. All data is stored inside Europe, mostly in the AMS3 datacenter (Amsterdam, NL). 

Amazon Web Services (AWS)

Peepl uses AWS for secure, versioned file hosting with automatic backups to ensure that no data gets lost. All photos and documents are stored in the eu-central-1 region in Frankfurt (Germany). 

Service Specific Subprocessors

Sentry.io

Sentry is an error reporting tool that provides Peepl with detailed insights and saves an incredible amount of time when debugging. In some cases, personal data is included in the error report, mostly the full name and username of the user that encountered the error. Here are some of the measures that are taken to ensure your data is safe:

  • Report data in Sentry is automatically deleted after 90 days

  • We signed a Data Protection Addendum (DPA) including SCCs with Sentry to ensure compliance

SendGrid

To ensure the best email delivery possible, we work with SendGrid to send emails on our behalf. This includes both transactional emails (notifications, password resets...) and non-transactional emails (activity invites, newsletters...). Given the nature of these emails, they often contain personal information like email addresses, first names, usernames...

SendGrid’s steps to ensure it is GDPR-ready include:

  • Vendor agreements review to ensure that their own vendors are GDPR compliant

  • Providing a Customer Data Protection Agreement (DPA), which Peepl signed

  • As a SendGrid customer, our account is covered by the Twilio Data Protection Addendum, which incorporates the Standard Contractual Clauses in section 14.4.

Twilio

Twilio allows customers to reliably send text messages (sms) through an easy-to-use online application interface (API). Peepl uses Twilio only for its own sms module. The only personal data that Twilio handles are the phone numbers of the recipients. As a Twilio customer, our account is covered by the Twilio Data Protection Addendum, which incorporates the Standard Contractual Clauses in section 14.4.

Intercom

We rely on Intercom for (live) support and customer engagement. Intercom only processes data of administrators and managers (not of end users) as these are the only users that have access to the support desk. Peepl sends your name, username, email, phone number and usage-specific data about your account to Intercom. Our support agents can use this data to help you out faster and more efficiently.

We have signed a DPA with Intercom, which incorporates the SCCs.

Final words

Have a GDPR-related question? Please don't hesitate to contact us!

Was dit een antwoord op uw vraag?