1. Purpose
This policy identifies third-party providers that may process personal data for DocRide when we provide the platform. These providers are "subprocessors" where DocRide acts as processor for customer-controlled personal data.
2. Current subprocessors and providers
| Provider | Purpose | Data categories | Location / transfer note |
|---|---|---|---|
| [UK hosting provider to confirm] | Cloud hosting, database, media/files, backups and infrastructure. | Platform data, customer content, logs, uploaded files. | United Kingdom, according to current operating model. |
| Amazon SES | Transactional email, password resets, notifications and service messages. | Email addresses, message metadata and email content. | Region to confirm; safeguards used where required. |
| Stripe | Payment processing, subscriptions, billing portal, fraud prevention. | Billing contact details, payment references, card/payment data handled by Stripe. | International processing; Stripe transfer safeguards apply. |
| Google Gemini | AI-assisted drafting, analysis, recommendations and report support. | Prompts, selected source content, generated outputs and metadata. | International processing may occur; customer content is not used to train general models. |
| Google Analytics / Google Tag | Public website analytics. | Cookie identifiers, device/browser data, usage data, approximate location. | International processing; consent should be obtained where required. |
| [Monitoring/logging provider to confirm] | Error logging, monitoring, security and platform reliability. | Logs, technical metadata, error traces and limited account identifiers. | To confirm before production publication if used. |
3. Subprocessor commitments
DocRide will:
- carry out proportionate due diligence on subprocessors;
- enter into written terms imposing appropriate data protection obligations;
- ensure subprocessors only process data for authorised purposes;
- maintain appropriate transfer safeguards where data is processed outside the UK or EEA;
- update this page or notify customers when material subprocessors change.
4. Customer objections
Customers may object to a new subprocessor on reasonable data protection grounds. If the objection cannot be resolved, the customer's remedy may be to stop using the affected service or terminate in accordance with the User Agreement.