Last updated: April 2023

To support delivery of our Services, Virtual Vaults may engage and use data processors with access to certain client data (each, a "Subprocessor"). This page provides you with information about the identity and location of each Subprocessor.

Virtual Vaults currently uses third party Subprocessors to provide infrastructure services, and to help us provide customer support and send out email and/or SMS notifications. Before engaging any third party Subprocessor, Virtual Vaults performs an audit in order to evaluate their privacy, security and confidentiality practices.

Primary Subprocessor

Data that is uploaded by our customers is only processed by our primary Subprocessor. Data is only processed in the region that is chosen by the customer.

# 

Supplier 

Legal entity 

Activities 

Security compliance 

Data storage location 

Protection data transfers outside EU 

Microsoft 

Microsoft Ireland Operations Ltd. 

Primary hosting service. Data that is uploaded by customers is only stored here. 

ISO/IEC 27001:2013  

ISO/IEC 27017:2015  

SOC 1 type II 

SOC 2 type II 

SOC 3 

HIPAA / HITECH 

Baseline Informatiebeveiliging Rijksdienst standard (BIR 2012) 

EU

GB

DE

Standard Contractual Clauses 

 

Supporting Subprocessors

These Subprocessors do not have access to data that is uploaded by our customers. Virtual Vaults ensures that all Subprocessors comply with the European privacy laws.

Sendgrid 

Twilio Ireland Ltd. 

Sending emails

SOC2 Type II 

PCI-DSS 

International 

Binding Corporate Rules 

Standard Contractual Clauses 

Twilio 

Twilio Ireland Ltd. 

Sending SMS and making phone calls

ISO/IEC 27001 

ISO/IEC 27017 

ISO/IEC 27018 

Cloud Security Alliance 

APEC CBPR & PRP Participation 

International 

Binding Corporate Rules 

Standard Contractual Clauses 

Zendesk 

Zendesk Inc. 

Support application

SOC 2 Type II 

ISO 27001:2013 

ISO 27018:2014 

ISO 27701:2019 

FedRAMP LI-SaaS 

PCI-DSS 

HIPAA 

HDS 

EU 

n.a.

Templafy 

Master It Solutions BV 

E-mail signature solution

ISO/IEC 27001 

ISO/IEC 27017 

SOC 2 type II 

SOC 3 

EU 

n.a.

Appcues 

Appcues Inc. 

User onboarding application

SOC 2 type II 

 

US 

Standard Contractual Clauses 

7

Signal Sciences 

Fastly Inc. 

Web application firewall 

ISO/IEC 27001:2013 

SOC 2 type II 

PCI DSS 

HIPAA 

US 

Standard Contractual Clauses 

 

If you are a current Virtual Vaults customer with an active data processing agreement in place, you may subscribe to receive notifications whenever there's a change to this list of Subprocessors. You have the right to submit a written objection in the event that we appoint a new Primary Subprocessor, or if the Primary Subprocessor's data processing activities are relocated outside of the EEA. Please send your written objections to legal@virtualvaults.com within 14 days of receiving such notification. Should you object, you are entitled to terminate your agreement within this 14-day period.