Sub-Processors
Last Updated: March 2025
Uonyx may engage trusted third-party service providers ("Sub-Processors") to assist in delivering and supporting the Services. These providers perform specific, limited processing activities on behalf of Uonyx and are contractually required to implement appropriate technical and organisational security safeguards consistent with applicable data protection laws.
Uonyx requires all Sub-Processors to process personal data only for the purposes described below, in accordance with applicable data protection laws, and consistent with the commitments described in the Uonyx Data Processing Agreement (available at https://uonyx.com/legal/dpa).
All Sub-Processors are bound by written data processing agreements that impose data protection obligations materially equivalent to those set out in Uonyx's Data Processing Agreement, consistent with GDPR Article 28(4).
Current Sub-Processors
This list reflects Sub-Processors currently engaged by Uonyx as of the Last Updated date shown below. Uonyx will update this page when Sub-Processors are added, modified, or removed. Enterprise customers may subscribe to email notifications of changes by contacting privacy@uonyx.com.
| Sub-Processor | Service / Purpose | Data Categories Processed | Processing Location |
|---|---|---|---|
| Cloud Infrastructure | |||
| Amazon Web Services (AWS) | Cloud infrastructure, compute, database, storage, networking, content delivery, key management, and security services underpinning the entire Uonyx platform. | All Customer Data hosted on the Uonyx platform, including business data, system metadata, backups, and logs. | United States (us-east-1, us-west-2) |
| Amazon Simple Notification Service (AWS SNS) | Cloud-based managed messaging and notification infrastructure used for system alerts, event-driven notifications, and SMS delivery. | Phone numbers, notification message content, device tokens for push notifications, message routing metadata. | United States (AWS infrastructure) |
| Email Delivery | |||
| Postmark | Transactional email delivery for system-generated messages including account notifications, password resets, authentication emails, workflow alerts, and customer communications. | Email addresses, display names, notification and message content, delivery metadata (subject, timestamp, delivery and open status). | United States |
| Mailgun | Email delivery infrastructure and API services for transactional and platform-generated notifications, onboarding communications, and system alerts. | Email addresses, display names, message content, delivery metadata (subject, timestamp, delivery status, click and open events where tracking is enabled). | United States |
| Messaging / SMS | |||
| Twilio | SMS messaging and communication API services for multi-factor authentication (MFA), one-time passcodes (OTP), system alerts, and automated platform notifications. | Phone numbers, one-time passcodes (OTP), SMS message content, messaging metadata (timestamp, delivery status, carrier routing data). | United States |
| Vonage (Ericsson) | Communication APIs and messaging infrastructure for SMS delivery, authentication messages, and multi-channel notification services. | Phone numbers, message routing metadata, delivery status records. | Global (primary infrastructure: United States and European Union) |
| MessageBird (Bird) | Omnichannel messaging and SMS infrastructure for customer notifications, authentication messages, and platform communication workflows. | Phone numbers, one-time passcodes (OTP), message content, messaging metadata (timestamp, delivery status, channel type). | Netherlands / Global |
Notification of Changes
Uonyx will provide advance notice of material changes to this Sub-Processor list in accordance with the procedures described in Section 6.2 of the Data Processing Agreement. Advance notice of not less than fourteen (14) calendar days will be provided before any new Sub-Processor is engaged in the processing of Customer Personal Data.
To subscribe to Sub-Processor change notifications, please contact privacy@uonyx.com or submit a request through the Uonyx privacy portal.
Objection Rights
Customers who have executed a Data Processing Agreement with Uonyx retain the right to reasonably object to the engagement of a new Sub-Processor for legitimate and documented data protection reasons, in accordance with Section 6.3 of the Data Processing Agreement. Objections must be submitted in writing to privacy@uonyx.com within seven (7) calendar days of the relevant Sub-Processor notification.
International Data Transfers
Where Sub-Processors are located outside the European Economic Area (EEA), the United Kingdom, or Switzerland, Uonyx ensures that appropriate lawful transfer mechanisms are in place, including:
- European Commission Standard Contractual Clauses (EU SCCs — Commission Decision 2021/914);
- UK International Data Transfer Addendum (UK IDTA) issued by the Information Commissioner's Office;
- Swiss Federal Data Protection Commissioner-recognised transfer mechanisms; or
- Adequacy decisions, including the EU-US Data Privacy Framework where applicable.
Safeguards Applied to All Sub-Processors
Uonyx applies the following safeguards to all Sub-Processor relationships:
- All Sub-Processors are bound by written data processing agreements containing GDPR Article 28-equivalent data protection obligations.
- Sub-Processors are prohibited from using Customer Personal Data for their own commercial purposes, advertising, or product development without Customer's explicit prior written consent.
- Communication Sub-Processors (email delivery and SMS/messaging providers) are granted access only to the minimum data required to deliver individual messages — specifically recipient addresses or phone numbers, message content as generated by the platform, and delivery metadata. They do not have access to broader Customer Data stored within the Uonyx platform.
- Uonyx conducts due diligence on Sub-Processors before engagement, including review of security certifications, data protection practices, and applicable audit reports.
- Uonyx retains ongoing responsibility to Customer for the acts and omissions of its Sub-Processors.
For questions regarding Sub-Processors, data protection practices, or to request notification of changes to this list, please contact:
| Privacy enquiries | privacy@uonyx.com |
|---|---|
| Security enquiries | security@uonyx.com |
| Legal notices | legal@uonyx.com |
| Postal address | Uonyx, 7421 Edinger Ave, Huntington Beach, CA 92647, United States |