Skip to main content
All CollectionsAbout The Hero Platform
About The Hero Platform: Review the sub-processors we work with to deliver our software service to you
About The Hero Platform: Review the sub-processors we work with to deliver our software service to you

Read about the sub-processors that we work with to deliver the Hero service

Updated over 2 months ago

Sub-processors

When providing software services to you, for the patient data you enter within the platform, you are the Data Controller and we are the Data Processor.

To deliver our service, there are occasions where we use sub-contractors (known as sub-processors). Sub-processors may potentially have access to or process personal data of patients you've interacted with when using the Hero platform.

This page sets out the Sub-processors we use, for what function/s we use them, and how they help us to deliver our services.

Please note, this webpage should not be taken as a binding agreement. The information provided here is to illustrate our engagement process for sub-processors and the actual list of third party sub-processors.

Selecting our sub-processors

We evaluate the security practices of our Sub-processors that will or may process Personal Data to ensure they have acceptable security, privacy and confidentiality practices.

Our Sub-processor contracts ensure that Sub-processors will:

  • Implement and maintain technical and organisational measures to protect Personal Data

  • Provide regular training in security and data protection to personnel to whom they grant access to Personal Data

  • Promptly inform us about any actual or potential security breach

  • Co-operate with us to respond to requests from data controllers, data subjects or data protection authorities on your instructions

Updating our sub-processors

From time to time we may update or add suppliers to our list of sub-processors. As per the DPA, we will give you 14 days notice for you to object to your Personal Data being processed by the proposed changes to our sub-processors list.

Our standard sub-processors (last updated 11th October 2024)

The list of sub-processors we engage to help us deliver services to NHS and private providers. We may process patient identifiable data through these providers:

Sub-processor

Purpose of Processing Personal Data

Server Geography

Applicable Features

Amazon Web Services, Inc.

Cloud hosting

UK

Entire app

FireText Communications Ltd

Clinician to patient SMS

UK

Messaging, Batch messaging

Microsoft 365

Clinician to patient email

UK

Messaging, Batch messaging

Egress Software Technologies Ltd.

Secure clinician to patient email

EEA

Messaging

Whereby Ltd.

Video consultations

EEA

Video

Papertrail (SolarWinds Worldwide, LLC)

Log management

EEA

Entire app

Heroku (Salesforce, Inc.)

Cloud platform as a service (PaaS) that supports several programming languages

EEA

Hosting services

New Relic, Inc.

Software analytics company providing insights into application performance

EEA

Production monitoring tools

Kinde

Secure sign-in service

UK

Admin Sign-in

Google, Inc.

Web analytics service

EEA

Marketing/Analytics

Vercel

Cloud hosting

UK

Hosting services

Rollbar

Error logging

EU

Production monitoring tools

CloudGateway

HSCN connectivity

UK

Networking infrastructure

Posthog

App monitoring

EU

Production monitoring tools

Our private practice sub-processors (last updated 18th March 2024)

The list of additional sub-processors we engage to help us deliver our services to only our private providers. We may process patient identifiable data through these providers:

Sub-processor

Purpose of Processing Personal Data

Server Geography

Applicable Features

Twilio Inc. [Optional]

Clinician to patient SMS and automated SMS

US

Messaging, Batch messaging, Invoicing

Signature Healthcare services Limited

Electronic prescription service

UK

Private Prescribing

Our processors (last updated 26th April 2024)

Where Hero Doctor Limited is the Data Controller, we work with additional sub-processors. These sub-processors won't have visibility of patient identifiable data.

These sub-processors may be able to see data for which Hero Doctor is the data controller. This could include a limited set of data on Hero administrators or practitioners. Example use cases would be where we store identifiable data to manage our customer relationships or understand how our services are used. The list of processors is:
โ€‹

Sub-processor

Purpose of Processing Personal Data

Server Geography

Applicable Features

Intercom UK Ltd.

Customer messaging platform

EU

User engagement/ customer support

Attio

Customer management and data visualisation

UK

Customer support, Commercial

Metabase

Data analytics

EU

Support/Analytics

Did this answer your question?