Last updated: May 2026
Smart Masterkey OÜ engages third-party service providers (“sub-processors”) to help us deliver the Smart MasterKey access-management platform and operate our business. This page lists those sub-processors, the services they provide, where they process personal data, and the applicable safeguards.
We update this list whenever our sub-processors change. Customers with a signed commercial Data Processing Agreement (DPA) are notified of additions or replacements in accordance with the notice period set out in the DPA and may object on reasonable grounds.
To subscribe to updates, email dataprivacy@smartmasterkey.com with the subject line “Sub-processor updates”.
1. Service sub-processors
These sub-processors process personal data on behalf of our customers in connection with delivering the Smart MasterKey platform (web portal, mobile applications, and supporting services).
Sub-processor | Service provided | Processing location | Personal data categories | Transfer mechanism |
|---|---|---|---|---|
Amazon Web Services EMEA SARL (AWS) | Cloud infrastructure: compute, storage, databases, networking | European Union (EEA) | All personal data processed by the platform | N/A (EEA) |
Stripe Payments Europe, Ltd. | Payment processing for paid subscriptions | Ireland (EEA) | Billing contact data, payment method details | N/A (EEA) |
Twilio SendGrid | Transactional email delivery (account, notifications, system messages) | United States | User name, email address, message content | EU Standard Contractual Clauses |
Messente Communications OÜ | SMS delivery (e.g., PIN codes, one-time passwords) | Estonia (EEA) | User name, phone number, message content | N/A (EEA) |
Google LLC (reCAPTCHA) | Bot and abuse protection for sign-up and authentication | United States | IP address, browser metadata | EU Standard Contractual Clauses |
2. Business operations sub-processors
These sub-processors support our internal business operations. They may receive personal data incidentally — for example, names and email addresses included in support correspondence, sales conversations, or account communication.
Sub-processor | Service provided | Processing location | Personal data categories | Transfer mechanism |
|---|---|---|---|---|
Google LLC (Google Workspace) | Business email, document storage, collaboration | EEA / United States | Contact data shared by customers via email | EU Standard Contractual Clauses |
Atlassian Pty Ltd (Jira, Confluence) | Customer support ticketing, internal documentation | EEA / United States | Contact data shared via support requests | EU Standard Contractual Clauses |
HubSpot, Inc. | Marketing automation, CRM, website contact form | United States | Contact data submitted via the website, sales correspondence | EU Standard Contractual Clauses |
3. Notification of changes
We will notify customers of any planned addition or replacement of a service sub-processor at least 30 days before the change takes effect. Notifications are sent to the contact email address on file and are also reflected on this page.
Customers with a DPA in place may object to a proposed change on reasonable grounds within 14 days of notification. We will work in good faith to address the objection, including by proposing alternative arrangements where reasonably possible.
4. International transfers
Where a sub-processor is located outside the European Economic Area (EEA), the transfer is governed by EU Standard Contractual Clauses (Module 3, processor-to-processor) and, where appropriate, additional supplementary measures (such as encryption in transit and at rest, and access controls).
5. Contact
For questions about this page or about our use of sub-processors:
Smart Masterkey OÜ
Email: dataprivacy@smartmasterkey.com
Subject line: Sub-processor enquiry