List of Timely's Sub-processors (GDPR)

To support delivery of our Services, Timely Limited ("Timely") may engage and use data processors ("Subprocessors") with access to certain personal information. This page provides important information about the identity, location and role of each Subprocessor we use. 

Terms used on this page, but not explicitly defined, have the meaning outlined in our Terms of Service or the Data Processing Agreement established with you, the customer. If you are a Timely customer and wish to opt-in and sign our additional Data Processing Agreement (DPA), please contact us at

The information shared here is for educational purposes to demonstrate how Timely engages with third-party systems, specifically which providers we use as part of delivering the Timely service to you. It should not be interpreted as offering any additional rights or binding agreements.

What is a Subprocessor?

A subprocessor is an external service or provider that is enlisted by Timely to deliver our service to you. As part of that service delivery, we may be required to share personal information we have collected about you with these providers. 

How do we protect your information?

We take the privacy and security of your personal data very seriously and have strict processes in place to ensure this information is shared securely and only when necessary.

Personal information: We employ Secure Socket Layer (SSL) technology on the collection, storage and processing of all data. All accounts are accessed via secure login with one-way hashing of all passwords. We do not access or share any data unless required to by law or with your permission to help resolve system problems.

Payments: All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our Payment gateway providers database only to be accessible by those authorised with special access rights to such systems, and are required to keep the information confidential. We do not store this information ourselves, instead keeping this with our payment providers who have the highest level of PCI compliance (Find out more about our provider's compliance).

Timely also requires that any third-party services or subprocessors, that we use as part of delivering this service to you, meet the requirements and obligations under GDPR, as well as those requirements of the local authority (NZ).

We have established Data Processing Agreements (DPA's) with all of our providers, to ensure your personal information is collected, stored and processed in a legal/lawful manner. These agreements also meet the criteria under the Privacy Shield framework, which protects the transfer of personal data from the European Union and Switzerland to the United States.

Third parties (Subprocessors)

We've broken the list of processors into relevant sections, to give you greater understanding over how these services have access to your information.

Infrastructure Subprocessors – Service Data Storage

Timely uses the following organisations to store/host/collect Personal Information, or provide other infrastructure that helps with delivery of the Timely Service. These are secure environments that are controlled by the Timely team and are protected by Data Processing Agreements:

Entity Name Purpose Entity Country
Amazon Web Services, Inc. Cloud Service Provider United States
Microsoft Corporation (Microsoft Azure) Cloud Service Provider United States
Google Inc. Cloud Service Provider United States

Service Specific Subprocessors

Timely works with other third-parties to provide specific functions or features within the Timely Service. These providers will have access to relevant personal information (both in an identifiable and anonymous manner) in order to provide their relevant functions. The use of information is limited to the specific purposes we've detailed below:

Entity Name Purpose Entity Country
Twilio, Inc. Cloud-based SMS Notification Services United States
Nexmo Inc. Cloud-based SMS Notification Services United States
SendGrid, Inc Cloud-based Email Notification Services United States
Mailgun Technologies, Inc
Cloud-based Email Notification Services  United States
HelpScout, Inc
Cloud-based Customer Support Services United States
Atlassian, Inc. Cloud-based Customer Support Services Australia, Inc Cloud-based Customer Support Services United States
Slack Technologies, Inc Cloud-based Communication Services United States 
Chargify, LLC Cloud-based Billing Services Various
Autopilot Cloud-based Email Delivery Services United States
Ask Nicely  
Cloud-based Survey Services New Zealand  
TYPEFORM S.L Cloud-based Survey Services Spain
Fullstory, Inc Cloud-based Usability Services United States
Hotjar Ltd Cloud-based Usability Services Malta

Add on integrations

The following subprocessors are third-parties that we offer optional integrations with. Relevant customer data and personal information will be shared with these services as part of delivering the wider Timely Service. These third-parties are engaged directly by you, the account holder, you can enable or disable these features in your account at any time.

Entity Name Purpose Entity Country
Xero Limited Cloud-based Accounting Services
New Zealand
MYOB Group Limited Cloud-based Accounting Services New Zealand, Australia
Intuit, Inc (QuickBooks) Cloud-based Accounting Services Various (New Zealand, Australia, United Kingdom, United States)
Google Inc (Google Calendar, Google Contacts) Cloud-based Services United States
Vend Limited
Cloud-based POS Services New Zealand, Australia, United Kingdom
Spreedly, Inc Cloud-based Payment Services United States
PayPal, Inc; PayPal (Europe) Ltd Cloud-based Payment Services United States, United Kingdom
Stripe, Inc; Stripe Payments Europe, Ltd; Stripe Payments Australia Pty. Ltd Cloud-based Payment Services United States; Ireland; Australia LLC Cloud-based Payment Services United States

Content Delivery Channels

Timely also uses certain providers to assist and support operations under the Timely Services (as described in the Data Processing Agreement).These providers do not have direct access to data that you have shared with us, but we may collect personal information you have shared with us via these services, as part of delivering the wider Timely Service. 

For example: If you contact us for support via our Facebook, Twitter or Instagram page, we will pass on your contact details and questions to other services that we use to provide support (see Service Specific Subprocessors above.

Entity Name Purpose Entity Country(ies)
Automattic (Wordpress) Cloud-based CMS Services United States
Facebook Cloud-based Social Network United States (Virginia and California)
Instagram Cloud-based Social Network United States (Virginia and California)
Twitter Cloud-based Social Network
United States

Changes and updates

As our business grows and evolves, the third-parties and subprocessors that we engage with may also change over time. We will provide the account owner with notice of any changes by sending a notification to the registered account holder's email address, along with posting any changes here. Please check back here to stay in the loop. 

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Get in touch with the Support Team Get in touch with the Support Team