Last updated: March 2025
To support delivery of our Services, Virtual Vaults may engage and use data processors with access to certain client data (each, a "Subprocessor"). This page provides you with information about the identity and location of each Subprocessor.
Virtual Vaults currently uses third party Subprocessors to provide infrastructure services, and to help us provide customer support and send out email and/or SMS notifications. Before engaging any third party Subprocessor, Virtual Vaults performs an audit in order to evaluate their privacy, security and confidentiality practices.
Data that is uploaded by our customers is only processed by our primary Subprocessor. Data is only processed in the region that is chosen by the customer.
# |
Supplier |
Legal entity |
Activities |
Security compliance |
Data storage location |
Protection data transfers outside EU |
1 |
Microsoft |
Microsoft Ireland Operations Ltd. |
Primary hosting service. Data that is uploaded by customers is only stored here. |
ISO/IEC 27001:2013 ISO/IEC 27017:2015 SOC 1 type II SOC 2 type II SOC 3 HIPAA / HITECH Baseline Informatiebeveiliging Rijksdienst standard (BIR 2012) |
EU GB DE |
Standard Contractual Clauses |
These Subprocessors do not have access to data that is uploaded by our customers. Virtual Vaults ensures that all Subprocessors comply with the European privacy laws.
2 |
Sendgrid |
Twilio Ireland Ltd. |
Sending emails |
SOC2 Type II PCI-DSS |
International |
Binding Corporate Rules Standard Contractual Clauses |
3 |
Twilio |
Twilio Ireland Ltd. |
Sending SMS and making phone calls |
ISO/IEC 27001 ISO/IEC 27017 ISO/IEC 27018 Cloud Security Alliance APEC CBPR & PRP Participation |
International |
Binding Corporate Rules Standard Contractual Clauses |
4 |
Zendesk |
Zendesk Inc. |
Support application |
SOC 2 Type II ISO 27001:2013 ISO 27018:2014 ISO 27701:2019 FedRAMP LI-SaaS PCI-DSS HIPAA HDS |
EU |
n.a. |
5 |
Templafy |
Master It Solutions BV |
E-mail signature solution |
ISO/IEC 27001 ISO/IEC 27017 SOC 2 type II SOC 3 |
EU |
n.a. |
6 |
Userpilot |
Userpilot Inc. |
User onboarding application |
SOC 2 type II
|
EU |
n.a. |
7 |
Signal Sciences |
Fastly Inc. |
Web application firewall |
ISO/IEC 27001:2013 SOC 2 type II PCI DSS HIPAA |
US |
Standard Contractual Clauses |
If you are a current Virtual Vaults customer with an active data processing agreement in place, you may subscribe to receive notifications whenever there's a change to this list of Subprocessors. You have the right to submit a written objection in the event that we appoint a new Primary Subprocessor, or if the Primary Subprocessor's data processing activities are relocated outside of the EEA. Please send your written objections to legal@virtualvaults.com within 14 days of receiving such notification. Should you object, you are entitled to terminate your agreement within this 14-day period.