AgileCase Sub-Processors

Our Sub-processors, your confidence.

Sub-Processors - Last Updated, 16th May 2018

To support the delivery of the AgileCase service ("AgileCase"), we may engage and use data processors with access to certain Client Data (each, a "Sub-processor"). This page provides important information about the identity, location and role of each Subprocessor.

What is a sub-processor?

A sub-processor is a third party data processor engaged by AgileCase who has or potentially will have access to or process Client Data (which may contain Personal Data). AgileCase engages different types of sub-processors for perform various functions as explained in the tables below.

Due diligence

AgileCase undertakes to use a commercially reasonable selection process by which it evaluates the security, privacy and confidentiality practices of the proposed sub-processors that will or may have access to, or process, Client Data.

Contractual safeguards

AgileCase requires its Subprocessors to satisfy equivalent obligations as those required from AgileCase (as a Data Processor) as set forth in either AgileCase’s, or the corresponding Subprocessor’s equivalent, Data Processing Addendum (“DPA”), incorporating Standard Contractual Clauses ("SCC") where appropriate, including but not limited to the requirements to:

  • process Personal Data in accordance with AgileCase's instructions;
  • in connection with their sub-processing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, pursuant to applicable data protection laws;
  • implement and maintain appropriate technical and organisational measures (including measures consistent with those to which AgileCase is contractually committed to adhere insofar as they are equally relevant to the Subprocessor’s processing of Personal Data on AgileCase's behalf);
  • promptly inform AgileCase about any actual or potential security breach; and
  • cooperate with AgileCase in order to deal with requests from data controllers, data subjects or data protection authorities, as applicable.
This policy does not give users of the Service any additional rights or remedies and should not be construed as a binding agreement. The information here is provided for transparency purposes to illustrate AgileCase's engagement process for Subprocessors as well as to provide the actual list of third party Sub-processors used by AgileCase which AgileCase may use in the delivery and support of its Service.

Process to engage new sub-processors

As our business and software grows and evolves, the Sub-processors we engage may also change. We will provide users of the Service with notice of any new Sub-processors to the extent required under the Agreement by posting such updates here.

AgileCase will provide notice via this policy of updates to the list of Sub-processors that are utilised or which AgileCase proposes to utilise to deliver its Service. AgileCase undertakes to keep this list updated regularly to enable users of the Service to stay informed of the scope of subprocessing associated with the Service.

Infrastructure Sub-Processors, Client Data Storage

AgileCase uses the following sub-processors to host Client Data and provide other infrastructure that helps with the delivery of our Service.

Entity Name Sub-processing Activities Country Adequacy
Amazon Web Services Inc. Cloud Service Provider Ireland GDPR Statement, ISO 27001, Privacy Shield, DPA with SCC
Microsoft Azure. Cloud Service Provider Ireland GDPR Statement, ISO 27001, Privacy Shield
Google, Inc. Cloud Service Provider United States GDPR Statement, ISO 27001, Privacy Shield, DPA with SCC
CloudFlare Web Application Firewall United States; United Kingdom GDPR Statement, Privacy Shield, DPA with SCC
NewRelic Application Analytics, System Health and Monitoring United States GDPR Statement, Tier III, SOC2 Certified, Privacy Shield (section 7), DPA with SCC
MailGun Email Processing United States GDPR Statement, Security Statement, Privacy Shield, DPA with SCC
ZenDesk Support Helpdesk United States; Europe GDPR Statement, ISO 27001, Privacy Shield, DPA with SCC
Intercom Livechat, User Insights, Documentation Ireland GDPR Statement, Tier 1, SOC 2 Certified , Privacy Shield, DPA with SCC
MailChimp Newsletter, System Maintenance Notifications United States GDPR Statement, SOC 2 Certified, Privacy Shield, GDPR compliant DPA
Veriphy AML (Anti-money laundering) Checks United Kingdom GDPR Statement, Privacy Policy

Payment Processing

AgileCase does not store payment card information. Payment processing is handled directly by the following third parties according to their respective Privacy Policies and Terms of Service.

Entity Name Sub-processing Activities Country Policy
Stripe Outsourced payment management United States; Europe Privacy Policy
GoCardless Outsourced payment management Europe Privacy Policy

Changes to our sub-processor list

Any changes we make to our sub-processor in the future will be posted on this page and the date of update will be shown and the planned start date of any new sub-processor. Please check this page regularly to see any updates or changes to our subprocessors.


If you have any queries in relation to the above Privacy Policy please contact AgileCase at, 22 Montrose Street, Glasgow, Scotland G1 1RE, United Kingdom or by email at