Sub-processors and third-party service providers
As any other business, we engage third-parties and affiliated companies as service providers to provide, improve, protect and promote our Services and to support our business.
This page provides important information about these service providers.
1. Third-party Sub-processors
Where we act as a data processor on behalf of our Customers, we use third-party processors with access to certain Company Personal Data (as defined in our Data Processing Agreement) (each a "Sub-processor") to provide the IncaMail Services. In particular, we use third party Sub-processors to provide infrastructure services, and to help us provide customer support and email notifications. We require our third-party Sub-processors to use the personal data that we share with them solely in connection with the services they provide to us. Also, access to these systems is regulated by our strict internal security policies (in accordance with ISO 27001) and requires two-step verification.
Where Company Personal Data is transferred to a Sub-processor in a third country outside of the EEA, we rely on appropriate transfer mechanisms.
Infrastructure processors
Our largest third-party provider is Microsoft since IncaMail runs on Microsoft Azure datacenters. Thanks to client-side end-to-end encryption, administrators of these datacenters cannot access your Encrypted Content in an unencrypted form.
Third-party processor | Purpose | Country | Sub-processors | Example Data |
Swiss Post IT | Cloud storage services |
Switzerland
|
Tresorit Group
|
Content of the emails, account information |
Other processors
Third-party processor | Purpose | Country | Sub-processors | Example Data |
Microsoft Azure | Application Performance Management (APM) service | Switzerland |
Subprocessors of Microsoft Azure
|
Data in connection with data hosting such as registration, billing and account information, access logs, usage data |
Twilio | Messaging Service: Two-step verification calls and texts | San Francisco, CA | Subprocessors of Twilio |
Data in connection with two-step verification calls and texts such as phone number, verification message
|
Zendesk | Customer support tools | San Francisco, CA | Subprocessors of Zendesk | Data in connection with customer support services provided by the customer such as email addresses and support tickets |
Salesforce | Customer relationships management portal | Ireland, EU | Subprocessors of Salesforce | Contact data, data shared with our Sales Teams by customers / third parties |
Amazon Simple Email Services (SES)
|
Automated emails about transactions and notifications
|
Luxembourg, EU Chosen data location: Ireland |
Subprocessors of Amazon SES | Data in connection with e-mail delivery and management service such as name, e-mail address, e-mail messages (transactional only) |
2. Affiliate Sub-processors
Swiss Post may engage one or more of its affiliates as Sub-processors to deliver the IncaMail Services. Currently these affiliates operate in Hungary and in Germany.
Entity Name | Country |
Tresorit Kft. | Hungary |
Tresorit GmbH | Germany |
3. Payment and subscription management providers
To ensure a seamless and secure payment for the IncaMail Services, we do not store your credit card details, we entrust our certified payment providers with the execution of your payment and billing.
IncaMail is integrated with Stripe and uses the automated, recurring billing and invoicing feature. Stripe is a PCI-compliant service.
We use Google reCAPTCHA to prevent fraud and misuse of the IncaMail Services. When you subscribe to the IncaMail Services, directly through the subscription flow of IncaMail, Google will collect certain device information through the checkout dialog, together with additional information that you enter into the reCAPTCHA service (e.g. your billing info). Google will process this information in accordance with its terms of service and privacy policy.
Payment provider | Purpose | Example Data |
Stripe | Payment gateway |
Payment and billing information, that includes billing addresses, payment amounts, credit card details
|
4. Other third-party service providers
We may engage third-party companies or individuals as service providers or business partners to process certain data and support our business, such as hosting service providers, IT providers, operating systems and platforms, internet service providers, data analytics companies, and marketing providers. We may also contract with companies to provide certain services, such as identity verification, market research, and promotions management.
Currently, these third parties include the following providers:
- DocuSign Inc., an electronic signature platform for signing DPA’s and Customer Agreements,
- Salesforce, for marketing campaigns to (i) Customers and (ii) website visitors who are signed up for marketing emails.
We may share your data with professional advisers acting as service providers, processors, controllers, or joint controllers - including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance and accounting services, and to the extent we are legally obliged to share or have a legitimate interest in sharing your data.
Third-party analytics services on the website
On the website we use service providers for analytics and advertising purposes, in accordance with our Cookie Policy.
This article was last updated 7 December 2024. Please note that the third party service providers we use may change over time. In accordance with our Data Processing Agreement, we will endeavor to provide the Administrator of Customer’s account with notice of any new Sub-processors, along with posting such updates here. Please check back frequently for updates.