Transparency by default

Subprocessor Policy

SolidCo Pty Ltd
ABN 41 680 244 446

Subprocessor Policy

Version 1.0

1. Purpose

SolidCo Pty Ltd (“SolidCo”, “we”, “our” or “us”) is committed to protecting the personal information entrusted to us by our clients and their users.

As part of providing our services, we may engage carefully selected third party service providers (“subprocessors”) to assist us in delivering web development, cloud hosting, managed services, cybersecurity, software development, communications, billing and related business services.

This policy explains how we select, manage and monitor our subprocessors and should be read together with our:

2. Scope

This policy applies whenever SolidCo processes personal information on behalf of a client and engages a third party to assist in delivering those services.

Where SolidCo acts as a data processor under applicable privacy legislation, including the UK General Data Protection Regulation (UK GDPR) and the European Union General Data Protection Regulation (EU GDPR), we will only appoint subprocessors that provide appropriate safeguards for protecting personal data.

3. What is a Subprocessor?

A subprocessor is a third party organisation that processes personal information on behalf of SolidCo so that we can deliver our services to our clients.

Examples include providers of:

4. Our Principles

When selecting subprocessors, SolidCo aims to:

5. International Data Transfers

Some of our subprocessors operate globally and may process personal information outside Australia, the United Kingdom or the European Economic Area.

Where required by applicable law, we rely on appropriate safeguards for international data transfers, which may include:

6. Security

SolidCo expects subprocessors to maintain appropriate technical and organisational measures to protect personal information.

Depending on the services provided, these measures may include:

While we undertake reasonable due diligence before engaging subprocessors, each provider remains independently responsible for the security of its own systems and services.

7. Current Subprocessors

The following organisations may process personal information on our behalf as part of delivering our services.

Subprocessor Headquarters Purpose Typical Personal Information Processing Locations
Amazon Web Services (AWS)United StatesCloud hosting, cloud services, databases, storage, backups, email delivery and infrastructureApplication data, databases, files, logs, backups, contact information, email addresses and email contentRegional AWS infrastructure and global support operations
AtlassianAustraliaBitbucket, Trello and other Atlassian Cloud services where utilised for source code hosting, version control, software development collaboration, project management, task tracking and team collaborationUser account information, source code repositories, project records, task information, communications and development recordsGlobal Atlassian Cloud infrastructure
BrevoFranceEmail marketing and audience management where utilisedContact information, email addresses and marketing preferencesEuropean and global infrastructure
CloudflareUnited StatesDNS, CDN, cloud services, Web Application Firewall, Zero Trust, Workers and edge securityIP addresses, request metadata, authentication data and security logsGlobal Cloudflare network
DropboxUnited StatesCloud file storage, file sharing, document collaboration, synchronisation and backupsFiles, documents, project assets, contact information, contracts, invoices and backupsUnited States and other regions where Dropbox and its authorised subprocessors operate data centres and provide support services
GitHubUnited StatesSource code hosting, version control and software development collaborationUser account information, source code repositories and development recordsGlobal GitHub infrastructure
GoogleUnited StatesCloud hosting, cloud services, databases, storage, backups, email, document management and collaborationApplication data, databases, files, logs, backups, contact information, emails, documents and calendarsGlobal Google infrastructure
MailchimpUnited StatesEmail marketing and audience management where utilisedContact information, email addresses and marketing preferencesGlobal Mailchimp infrastructure
MicrosoftUnited StatesCloud hosting, cloud services, databases, storage, backups, email, document management and collaborationApplication data, databases, files, logs, backups, contact information, emails, documents and calendarsGlobal Microsoft infrastructure
OpenAIUnited StatesTranscription, caller identification and verificationShared topics and transcribed recorded communicationsGlobal OpenAI infrastructure
SlackUnited StatesBusiness communications and collaborationContact information, messages and shared filesGlobal Slack infrastructure
StripeUnited States / IrelandPayment processing and billingContact information, billing information and payment metadataGlobal Stripe infrastructure
TwilioUnited StatesSMS and communication services where enabledPhone numbers, communication storage and metadataGlobal Twilio infrastructure
XeroNew ZealandAccounting, bookkeeping and invoicingContact information, invoices, financial records and payment informationGlobal Xero infrastructure

Additional subprocessors may be engaged where necessary to deliver specific client services.

8. Changes to Subprocessors

SolidCo may update its list of subprocessors as our business or technology changes.

The current version of this policy will always be available on our website.

Where required by contract or applicable law, we will notify affected clients before appointing a new subprocessor that materially changes the processing of client personal information.

9. Client Enquiries

Clients may request additional information regarding our subprocessors or the safeguards we apply by contacting us using the details below.

Where required by applicable privacy legislation or contractual obligations, we will respond within the applicable legal timeframes.

10. Contact

Privacy Officer
SolidCo Pty Ltd
ABN 41 680 244 446

Privacy enquiries may also be submitted using the contact details provided in our Privacy Policy.

Contact Us →

11. Policy Updates

We may amend this policy from time to time to reflect changes in our services, subprocessors or applicable legal requirements.

The latest version will always be published on our website.


Related Documents