In this guide you will learn more about sub-processors, and how Timely utilise these as part of running their business. You'll get insight into how we protect your information, as our customers. To learn more about GDPR requirements for you as a business owner, see our guide on Keeping your client's information secure.
What is a sub-processor?
To support delivery of our Services, Timely Limited ("Timely") may engage and use data processors ("Sub-processors") with access to certain personal information. This page provides important information about the identity, location and role of each Sub-processor we use.
A Sub-processor is an external service or provider that is enlisted by Timely to deliver our service to you. As part of that service delivery, we may be required to share personal information we have collected with these providers.
Important note: Terms used on this page, but not explicitly defined, have the meaning outlined in our Terms of Service or the Data Processing Agreement established with you, the customer. If you are a Timely customer and wish to opt-in and sign our additional Data Processing Agreement (DPA), please contact us at privacy@getttimely.com.
The information shared here is for educational purposes to demonstrate how Timely engages with third-party systems, specifically which providers we use as part of delivering the Timely service to you. It should not be interpreted as offering any additional rights or binding agreements.
How do we protect your information?
We take the privacy and security of your personal data very seriously and have strict processes in place to ensure this information is shared securely and only when necessary. Examples include:
Personal information: We employ Secure Socket Layer (SSL) technology on the collection, storage and processing of all data. All accounts are accessed via secure login with one-way hashing of all passwords. We do not access or share any data unless required to by law or with your permission to help resolve system problems.
Payments: All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our Payment gateway providers database only to be accessible by those authorised with special access rights to such systems, and are required to keep the information confidential. We do not store this information ourselves, instead keeping this with our payment providers who have the highest level of PCI compliance (Find out more about our provider's compliance).
Timely also requires that any third-party services or Sub-processors, that we use as part of delivering this service to you, meet the requirements and obligations under GDPR, as well as those requirements of the local authority (NZ).
We have established Data Processing Agreements (DPA's) with all of our providers, to ensure your personal information is collected, stored and processed in a legal/lawful manner. These agreements also meet the criteria under the Privacy Shield framework, which protects the transfer of personal data from the European Union and Switzerland to the United States.
Third party sub-processors
We've broken the list of Sub-processors into relevant sections, to give you greater understanding over how these services have access to your information.
Infrastructure subprocessors – service data storage
Timely uses the following organisations to store/host/collect Personal Information, or provide other infrastructure that helps with delivery of the Timely Service. These are secure environments that are controlled by the Timely team and are protected by Data Processing Agreements:
| Entity name | Purpose | Entity country |
| Amazon Web Services, Inc. | Cloud service provider | United States |
| Microsoft Corporation (Microsoft Azure) | Cloud service provider | United States |
| Google Inc. | Cloud service provider | United States |
Service specific sub-processors
Timely works with other third-parties to provide specific functions or features within the Timely Service. These providers will have access to relevant personal information (both in an identifiable and anonymous manner) in order to provide their relevant functions. The use of information is limited to the specific purposes we've detailed below:
| Entity name | Purpose | Entity countries |
| Twilio, Inc. | Cloud-based SMS notification services | United States |
| Nexmo Inc. | Cloud-based SMS notification services | United States |
| SendGrid, Inc | Cloud-based email notification services | United States |
| Mailgun Technologies, Inc | Cloud-based email notification services | United States |
| HelpScout, Inc | Cloud-based customer support services | United States |
| Atlassian, Inc. | Cloud-based customer support services | Australia |
| Salesforce.com, Inc | Cloud-based customer support services | United States |
| Slack Technologies, Inc | Cloud-based communication services | United States |
| Chargify, LLC | Cloud-based billing services | Various |
| Autopilot | Cloud-based email delivery services | United States |
| Ask Nicely | Cloud-based survey services | New Zealand |
| TYPEFORM S.L | Cloud-based survey services | Spain |
| Fullstory, Inc | Cloud-based usability services | United States |
| Hotjar Ltd | Cloud-based usability services | Malta |
Add on integrations
The following Sub-processors are third-parties that we offer optional integrations with. Relevant customer data and personal information will be shared with these services as part of delivering the wider Timely Service. These third-parties are engaged directly by you, the account holder, you can enable or disable these features in your account at any time.
| Entity name | Purpose | Entity countries |
| Xero Limited | Cloud-based accounting services | New Zealand |
| MYOB Group Limited | Cloud-based accounting services | New Zealand, Australia |
| Intuit, Inc (QuickBooks) | Cloud-based accounting services | Various (New Zealand, Australia, United Kingdom, United States) |
| Google Inc (Google Calendar, Google Contacts) | Cloud-based services | United States |
| Vend Limited | Cloud-based POS services | New Zealand, Australia, United Kingdom |
| Spreedly, Inc | Cloud-based payment services | United States |
| PayPal, Inc; PayPal (Europe) Ltd | Cloud-based payment services | United States, United Kingdom |
| Stripe, Inc; Stripe Payments Europe, Ltd; Stripe Payments Australia Pty. Ltd | Cloud-based payment services | United States; Ireland; Australia |
| Authorize.net LLC | Cloud-based payment services | United States |
Content delivery channels
Timely also uses certain providers to assist and support operations under the Timely Services (as described in the Data Processing Agreement).These providers do not have direct access to data that you have shared with us, but we may collect personal information you have shared with us via these services, as part of delivering the wider Timely Service.
For example: If you contact us for support via our Facebook, Twitter or Instagram page, we will pass on your contact details and questions to other services that we use to provide support (see Service Specific Sub-processors above.
| Entity name | Purpose | Entity countries |
| Automatic (Wordpress) | Cloud-based CMS services | United States |
| Cloud-based social network | United States (Virginia and California) | |
| Cloud-based social network | United States (Virginia and California) | |
| Cloud-based social network | United States |
How can I stay up to date on changes to Sub-processors?
As our business grows and evolves, the third-parties and Sub-processors that we engage with may also change over time. We will provide the account owner with notice of any changes by sending a notification to the registered account holder's email address, along with posting any changes in this help guide.