This page lists all third-party sub-processors engaged by Thrive Route Digital Limited ("YesHello") to process Personal Data on behalf of YesHello Users in connection with the provision of the Service. This list is maintained in accordance with Section 5 of the Data Processing Addendum.
YesHello will update this page at least thirty (30) days before engaging any new sub-processor. Users who wish to object to a new sub-processor should follow the process described in the Data Processing Addendum.
Current Sub-processors
Sub-processorPurposeLocationNetcup GmbHServer hosting and infrastructureGermanyStripe, Inc.Payment processingUnited States / GlobalGoogle LLC (Google Places / Business Profile API)Google Reviews data retrieval, where enabled by UserUnited States / GlobalGoogle LLC (Google AI / Gemini API)AI-powered content generation and analysis features, where enabled by UserUnited States / GlobalDataForSEOGoogle Reviews data retrieval, where enabled by UserUnited StatesAmazon Web Services, Inc. (Amazon SES)Transactional email deliveryEuropean UnionCal.com, Inc.Embedded scheduling and booking functionality, where enabled by UserUnited States / Global
Notes
Netcup GmbH hosts all YesHello server infrastructure. All primary Personal Data storage occurs on servers located in Germany.
Stripe, Inc. processes payments on behalf of YesHello Users who enable digital product sales or subscriptions. YesHello transmits only non-sensitive transaction references (Stripe event IDs, last four card digits, timestamps) to its own servers. Full payment card data is transmitted directly from the User's or Visitor's browser to Stripe and never passes through YesHello's infrastructure. Stripe acts as an independent controller for the payment data it collects directly.
Google LLC (Google Places / Business Profile API) retrieves publicly available Google Reviews and business data for display on User Cards, where the User has enabled this feature.
Google LLC (Google AI / Gemini API) powers AI content generation and analysis features within the Service. Where AI-powered features are used, content submitted by Users or Visitors may be processed by Google's Gemini API to generate responses or analysis. Users who supply their own Google API key ("BYOK") are subject to Google's terms directly. YesHello does not store AI-generated outputs beyond what is necessary to deliver the feature.
DataForSEO is used as an alternative data source for Google Reviews retrieval, where enabled by the User.
Amazon Web Services, Inc. (Amazon SES) handles all transactional email delivery, including system notifications, account emails, and lead capture notifications. Email delivery is routed through Amazon SES infrastructure located in the European Union. Email addresses and associated metadata (such as delivery timestamps and bounce status) are processed solely for the purpose of delivering transactional communications. Amazon SES does not use this data for advertising or other secondary purposes.
Cal.com, Inc. provides embedded scheduling functionality that Users may enable on their Cards. Where enabled, Visitor booking data (including names, email addresses, and selected appointment times) is processed by Cal.com to facilitate the booking. Cal.com acts as a data processor under its own terms when processing Visitor data submitted through the scheduling widget. Users are responsible for ensuring their privacy notices cover this processing.
Webhooks and Third-party Integrations
When a User configures webhooks to send data to third-party endpoints, those third-party recipients are not sub-processors of YesHello. The User is directing the transfer as Controller, and the third-party recipient processes data under the User's instruction and their own terms.
International Data Transfers
Where Personal Data originating in the European Economic Area, the United Kingdom, or Switzerland is transferred to a sub-processor located outside those regions, YesHello ensures such transfers comply with Applicable Data Protection Law using one or more of the following mechanisms:
European Commission adequacy decision for the recipient country
Standard Contractual Clauses (SCCs) approved by the European Commission
Recipient certification under an approved transfer framework (such as the EU-US Data Privacy Framework)
Any other lawful transfer mechanism recognised under Applicable Data Protection Law
Contact
For questions regarding this sub-processor list or data processing matters:
Thrive Route Digital Limited 21/F CMA Building, 64 Connaught Road Central, Hong Kong Email: [email protected]
This page is available at: https://yeshello.app/page/subprocessors