Transparency: UniCMMS uses a limited number of trusted third-party providers to deliver our Services. This page lists all sub-processors who may process Customer Data on our behalf.
1. Overview
UniCMMS ("Provider") engages certain third-party service providers ("sub-processors") to assist in delivering the Services. Each sub-processor is subject to data processing agreements and is required to implement appropriate technical and organizational measures to protect Customer Data.
This list is maintained in accordance with our obligations under the General Data Protection Regulation (GDPR) Article 28 and equivalent data protection laws. We update this list whenever we add, change, or remove sub-processors.
2. Notification of Changes
We will provide at least 30 days' advance notice of any material changes to our sub-processor list via email notification to Customer administrators. Customers who have signed a Data Processing Agreement (DPA) may object to new sub-processors within this notice period.
3. Current Sub-Processors
3.1 Infrastructure & Hosting
| Provider | Location | Purpose |
|---|
| Microsoft Azure | Canada East (primary), Canada Central (backup) | Cloud infrastructure, compute, storage, databases, networking |
| Azure CDN / Front Door | Global | Content delivery network, DDoS protection, global load balancing |
| Azure Blob Storage | Canada East | File and attachment storage for customer uploads |
3.2 Database & Data Services
| Provider | Location | Purpose |
|---|
| Azure SQL Database | Canada East | Primary relational database for application data |
| Azure Cache for Redis | Canada East | Session caching and performance optimization |
| Azure Service Bus | Canada East | Asynchronous messaging and background job processing |
3.3 Email & Communications
| Provider | Location | Purpose |
|---|
| SendGrid (Twilio) | United States | Transactional email delivery (notifications, invitations, reports) |
| Twilio | United States | SMS notifications for critical alerts (optional feature) |
3.4 Identity & Authentication
| Provider | Location | Purpose |
|---|
| UniCMMS Identity Service | Canada East | User authentication, tenant management, SSO (internal service) |
| Azure Active Directory B2C | Canada | Enterprise SSO and external identity federation |
3.5 Monitoring & Reliability
| Provider | Location | Purpose |
|---|
| Azure Application Insights | Canada East | Application performance monitoring and error tracking |
| Azure Monitor / Log Analytics | Canada East | Infrastructure monitoring and alerting |
| Sentry | United States | Frontend error tracking (anonymized; no personal data) |
3.6 Payment Processing
| Provider | Location | Purpose |
|---|
| Stripe | United States | Payment processing, subscription management, invoicing |
3.7 Customer Support
| Provider | Location | Purpose |
|---|
| Intercom | United States | In-app customer support chat and help center |
| Zendesk | United States | Support ticket management for enterprise customers |
3.8 Analytics (Website Only)
| Provider | Location | Purpose |
|---|
| Google Analytics | United States | Website traffic analytics (anonymized; no Customer Data) |
| Plausible Analytics | European Union | Privacy-friendly website analytics (no personal data collected) |
4. Data Transfer Safeguards
For sub-processors located outside the European Economic Area (EEA), UniCMMS ensures appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Binding Corporate Rules where maintained by the sub-processor
- Certification frameworks such as EU-US Data Privacy Framework
5. Customer Rights
Customers may request a copy of the relevant data processing agreements with sub-processors by contacting privacy@unicmms.com. Enterprise customers with a signed DPA may object to new sub-processors within the 30-day notice period.
6. Questions
For questions about our sub-processors or data processing practices:
Email: privacy@unicmms.com
