Sub-processors (Vendors)
Last updated: December 10, 2025
We use a small set of trusted, GDPR-compliant sub-processors to deliver the Simpleclass service. Institutions are notified at least 30 days in advance before we add or replace a sub-processor (email and/or in-app notice). If your Institution reasonably objects, you may terminate before the change takes effect and receive a pro-rated refund of prepaid fees (see Terms §8.2).
| Vendor | Purpose / Service | Types of Personal Data | Primary Processing Location | International Transfers | Docs |
|---|---|---|---|---|---|
| Scaleway | EU cloud infrastructure (compute, storage, networking) for hosting application services and media infrastructure. | Account identifiers; technical logs (IPs, timestamps); session metadata; content storage (e.g., recordings) where enabled by the Institution. | EEA | Not expected. If required, Standard Contractual Clauses (SCCs) will apply. | Privacy |
| OVHcloud | EU hosting & networking (e.g., servers, DNS, TURN) supporting platform availability and connectivity. | Account identifiers; technical & security logs (IPs, timestamps); session connectivity metadata. | EEA | Not expected. If required, Standard Contractual Clauses (SCCs) will apply. | Privacy |
| Mailjet (by Sinch) | Transactional email delivery (account verification, password reset, billing & service notices). | Names (Admin/Teacher), email addresses; message metadata (timestamps, delivery); minimal content required for notifications. | EEA | Not expected. If required, Standard Contractual Clauses (SCCs) will apply. | Privacy |
| Mollie | Payment processing for subscription billing and one-time purchases. | Email addresses; transaction data (amounts, dates, payment method, status); billing identifiers. | EEA (Netherlands) | Not expected. If required, Standard Contractual Clauses (SCCs) will apply. | Privacy |
Notes:
- We remain the data controller for admin/billing and security data, and the data processor for Institution-managed content and user data (see Privacy & Terms).
- We minimize personal data shared with vendors and sign DPAs with appropriate technical and organizational measures (TOMs).
- Backups: typically retained up to 90 days; security logs up to 180 days (see Privacy).
- For questions or to request a copy of our DPA: [email protected].