List of Subprocessors
Version: 1.0
Last updated: 09.07.2026
In accordance with Article 28 GDPR, we list the categories of third-party sub-processors involved in the processing of personal data.
| Subprocessor (category) | Purpose | Data categories |
|---|---|---|
| Development platform / hosting (e.g. Lovable) — TBC | Website development & hosting (move to EU production hosting before launch) | Website & contact data |
| Application backend / data centre — TBC | Client portal and two separate DBs (identification vs. medical) | Identification, health & genetic data |
| Partner laboratories (4–5, EU) | Sequencing and omics analysis of the sample | Biological sample, genetic/omics data |
| Courier company | Transport of the biological sample to the laboratory | Shipment identification data |
| Payment provider (e.g. Stripe/Adyen) — TBC | Payment processing (PCI-DSS with the provider) | Payment & billing data |
| E-mail / archiving (e.g. Microsoft 365) | Communication with client & physician, archiving | Contact data, communication content |
| CRM (shared mailbox → MS Dynamics) — TBC | Contact and communication records | Contact data |
| Notifications (e-mail / SMS) | Process-status and report-delivery notifications | Contact data |
| Web analytics (e.g. Google Analytics) | Website traffic measurement (consent-based) | Cookies, technical data |
| Cookie management tool — TBC | Cookie consent management | Cookies, consent record |
| AI / ML compute (local LLM) | Omics data analysis (no third-party APIs) | Pseudonymised data |
| Microsoft (Entra ID / 365) | Identity, access and productivity | Identification & access data |
| Expert subcontractors (oncologist, biologist, bioinformatician) | Expert analysis and report preparation | Health & genetic data |
| Legal, tax, accounting & audit services | Legal and operational obligations | Billing & contract data |
