Sub-Processor List
Last Updated: 06/05/2026
This Sub-Processor List identifies the third-party entities (each a "Sub-Processor") that BookedSolid Ltd ("BookedSolid") engages to process Personal Data in connection with the delivery of its Services. This List is incorporated into and forms part of the BookedSolid Data Processing Agreement (the "DPA") between BookedSolid and each Client, and must be read in conjunction with Section 6 (Sub-Processors) of the DPA.
Capitalised terms used in this List have the meanings set out in the DPA unless otherwise defined herein. "Patient Personal Data" means Personal Data relating to the patients of Client's clinic (including Special Category health data). "Account Data" means Personal Data pertaining to natural persons given access to administration functions of the Service by the Client (i.e. clinic staff and administrators).
Categorisation and Notice Regimes
Sub-Processors are split into two categories based on the nature of the Personal Data they process. Different advance-notice regimes apply to changes affecting each category, reflecting the different sensitivity of the Personal Data concerned.
Category A — Sub-Processors processing Patient Personal Data (including Special Category health data).
For any addition, replacement, or material change of scope affecting a Category A Sub-Processor, BookedSolid will provide the Client with at least twenty (20) days' advance written notice, in accordance with Section 6 of the DPA. Client objection and termination rights during the 20-day period apply as set out in Section 6.
Category B — Sub-Processors processing only Account Data (clinic-staff Personal Data).
For any addition, replacement, or material change of scope affecting a Category B Sub-Processor, BookedSolid will provide the Client with reasonable advance notice via the alert mechanism within the BookedSolid admin portal. By using the Services, each Client agrees that the admin-portal alert mechanism constitutes an adequate notification mechanism for Category B Sub-Processor changes, given that Category B Sub-Processors do not process Patient Personal Data or Special Category data.
Operational Emergency engagements (whether Category A or Category B) continue to be governed by the Operational Emergency provisions in Section 6 of the DPA.
Category A — Sub-Processors Processing Patient Personal Data
20-day advance written notice applies to any change affecting a sub-processor listed in this Category A table.
| Sub-Processor | Legal Entity | Location | Role | Transfer Mechanism |
|---|---|---|---|---|
| Twilio | Twilio Inc. | USA | SMS and voice telephony — inbound/outbound patient communications | UK Extension to EU-US DPF; UK IDTA additionally in place |
| WhatsApp Business (Meta) | Meta Platforms, Inc. | USA (Ireland EU nexus) | WhatsApp Business API — patient messaging channel | UK Extension to EU-US DPF; UK Addendum to EU SCCs in place |
| Render | Render Services, Inc. | USA (EU region data centre for production) | Application hosting infrastructure (IaaS) — runs the BookedSolid platform | UK Extension to EU-US DPF; UK IDTA additionally in place |
| MongoDB Atlas | MongoDB, Inc. | USA (Ireland / AU regional data centres) | Primary application database for patient and clinic data | UK Extension to EU-US DPF; UK IDTA additionally in place |
| OpenAI | OpenAI, OpCo, LLC | USA | Primary large language model (LLM) service — AI receptionist responses | UK IDTA; DPF certified |
| Anthropic | Anthropic, PBC | USA | Hot-failover large language model (LLM) service — AI receptionist responses | UK IDTA; DPF certified |
| Deepgram | Deepgram, Inc. | USA | Real-time speech-to-text transcription of patient voice calls | EU SCCs with UK Addendum |
| ElevenLabs | Eleven Labs, Inc. | USA | Text-to-speech (TTS) synthesis for patient-facing voice responses | UK IDTA; DPF certified |
| Cloudinary | Cloudinary Ltd | USA | Media storage including patient voice-call recordings | UK IDTA; DPF certified |
| Pinecone | Pinecone Systems, Inc. | USA | Vector database for AI/ML functionality (embeddings derived from patient content) | UK IDTA; DPF certified |
| Cloudflare | Cloudflare, Inc. | USA | Content delivery network, DDoS protection and Web Application Firewall (WAF) — sits in the traffic path for all patient-facing data flows | UK IDTA |
Category B — Sub-Processors Processing Only Clinic-Staff Personal Data
Admin-portal alert mechanism applies to any change affecting a sub-processor listed in this Category B table. Client consents to the admin-portal alert as adequate notice by using the Services.
| Sub-Processor | Legal Entity | Location | Role | Transfer Mechanism |
|---|---|---|---|---|
| Google Workspace | Google LLC | Ireland / USA | Identity provider (SSO), staff email, and document collaboration — BookedSolid internal use and clinic-administrator account access | UK Extension to EU-US DPF; EU SCCs for non-DPF legs |
| Stripe | Stripe, Inc. | USA | Subscription billing for clinic clients — tokenised payment card processing only | UK IDTA; DPF certified |
| Monday.com | Monday.com Ltd | Israel (US sub-processors) | CRM and customer-support ticket management — clinic-administrator contacts and support workflows | UK Addendum to EU SCCs; Monday.com Ltd is additionally a member of the UK Extension to the EU-US DPF (HR and non-HR data). UK→Israel leg covered by UK adequacy regulations. |
| Brevo | Sendinblue SAS | France (US sub-processors) | Email marketing platform — marketing communications to clinic decision-makers and prospects | UK adequacy (UK→France leg). Onward transfers from Sendinblue SAS to US sub-processors are covered by EU Standard Contractual Clauses per the Brevo DPA. |
| Featurebase | CORDNET OÜ | Estonia (US sub-processors) | Customer feedback intake, feature-request tracking, and public roadmap — clinic-user feedback | UK adequacy (UK→Estonia leg). US sub-processor leg covered by EU SCCs with UK Addendum. |
| PostHog | PostHog, Inc. | USA | Product analytics and session recording on the BookedSolid admin dashboards — clinic-administrator interactions with BookedSolid staff-facing interfaces only. Does not process Patient Personal Data. | UK Addendum to EU SCCs (UK Personal Data); EU SCCs (Module 2) for EU Personal Data. PostHog Inc. is a member of the EU-US DPF, the UK Extension to the Framework, and the Swiss-US DPF (belt-and-braces alongside SCCs). |
International Transfer Mechanisms — Summary
The transfer-mechanism descriptions in the tables above are consistent with BookedSolid's overall transfer-mechanism framework set out in Section 7 of the DPA. Where a Sub-Processor participates in the EU-US Data Privacy Framework (DPF) and the UK Extension, BookedSolid additionally secures Standard Contractual Clauses (EU SCCs and / or the UK Addendum) on a belt-and-braces basis. Transfer Risk Assessments for UK→USA transfers are maintained by BookedSolid and available to Clients on request.