Legal
Sub-processors
Last updated: TODO — set on publication
Doobles uses the third parties listed below to operate the service. Each handles the minimum personal data needed for its purpose and is bound by an appropriate Data Processing Agreement (DPA) with Doobles.
We notify customers at least 30 days in advance of adding or replacing a sub-processor. To receive these notifications, email privacy@doobles.uk.
| Sub-processor | Purpose | Personal data received | Location |
|---|---|---|---|
| Twilio | SMS and WhatsApp alert delivery | Recipient phone number, message body (sensor name, breach detail) | United States (SCCs in place) |
| Fastmail | Transactional email (alerts, weekly reports, account emails) | Recipient email, name, message body, PDF attachments | Australia (adequacy decision recognised by the ICO) |
| Pushover | Mobile push notifications | User key, message body | United States (SCCs in place) |
| INIZ | VPS hosting (application server, database, MQTT broker) | All operational data stored in TimescaleDB | European Union |
| rsync.net | Off-site backup storage | Encrypted nightly database snapshots | United States (SCCs in place) |
| GitHub | Source code hosting | Source code only — no customer personal data | United States (SCCs in place) |