Subprocessor List
Last updated 6 April 2026
Uku Viam OÜ engages the third-party subprocessors listed below to assist in providing the Uku Services. Each subprocessor is contractually bound by data protection obligations no less protective than those in our Data Processing Agreement.
We review our subprocessor list as part of our quarterly internal SOC 2 review and notify customers of any intended addition or replacement of a subprocessor in connection with that review, giving them the opportunity to object on reasonable grounds related to data protection. Notifications are sent by email and reflected on this page.
Infrastructure providers
| Subprocessor | Location | Data types | Purpose |
|---|---|---|---|
| Akamai / Linode | EU Germany | Customer data, application data | Cloud hosting and computing |
| Microsoft Azure | EU Ireland | Customer documents and files | Document repository services |
| Google Cloud Platform | Non-EU United States & EU | Customer emails | Email services |
Communication services
| Subprocessor | Location | Data types | Purpose |
|---|---|---|---|
| Microsoft | EU Ireland | Email communications | Email services |
| Mailchimp | Non-EU United States | Email addresses, names | Email services |
| Google Workspace | Non-EU United States & EU | Email addresses, names | Internal and external communication |
| Intercom | Non-EU United States | Customer names, emails, chat data | Customer support and live chat |
| Pipedrive | EU Estonia | Customer contact data, sales data | Sales CRM |
| Braintree (PayPal) | EU Luxembourg | Payment information | Payment processing |
Development and operations
| Subprocessor | Location | Data types | Purpose |
|---|---|---|---|
| Bitbucket | Non-EU United States | Source code, development artefacts | Code management and version control |
| Sentry | Non-EU United States | Application logs, error data | Server and application monitoring |
| Slack | Non-EU United States | Internal communications, ticket data | Internal team communication |
Data processing details
Data categories by subprocessor
The categories of Personal Data processed by our subprocessors fall into three groups:
- Customer data (Personal Data within the meaning of GDPR Article 4) is processed by Akamai / Linode, Microsoft Azure, and Google Cloud Platform for the purpose of service delivery.
- Payment data is processed by Braintree (PayPal) for the purpose of payment processing.
- Operational data, such as application logs, is processed by Akamai / Linode for the purpose of system monitoring.
Security measures
All subprocessors are required to implement appropriate technical and organisational measures, including:
- Encryption of Personal Data in transit and at rest
- Regular security assessments
- Incident notification procedures
- Staff training on data protection
- Appropriate access controls
Endpoint security
Uku relies on macOS built-in security features rather than third-party antivirus software for endpoint protection. The following controls are enforced across all team devices:
- XProtect — built-in anti-malware protection automatically updated by Apple
- Gatekeeper — application verification and code-signing enforcement
- System Integrity Protection (SIP) — protection of critical system files
- Automatic security updates — enforced across all team devices
- FileVault — full disk encryption on all MacBook devices
Security events are monitored through macOS Console and unified logging, and security configurations are enforced through device management policies. Compliance with security updates is verified regularly.
Legal basis for processing
- GDPR Article 6(1)(b) — performance of contract with the data subject
- GDPR Article 6(1)(f) — legitimate interests for service improvement
- GDPR Article 28 — written processor agreements in place with each subprocessor
Data transfer mechanisms
- Adequacy decisions — EU-based processors are preferred where feasible.
- Standard Contractual Clauses (SCCs) — applied for transfers to subprocessors outside the EU/EEA where no adequacy decision exists, together with supplementary measures where required.
- Certifications — ISO 27001 and SOC 2 compliance of subprocessors is verified where applicable.
Notification of changes
Customers will be notified of subprocessor changes through:
- Email notification as part of the Processor's quarterly internal SOC 2 review cycle
- Update of this page at getuku.com/legal/subprocessors
- Notification within the customer portal
Contact
For questions about subprocessors or data processing:
- General inquiries: privacy@getuku.com
- Data Protection Officer: dpo@getuku.com
Last updated 6 April 2026 · Uku Viam OÜ · Registry code 11176647 · Tondi 27, 11316 Tallinn, Estonia
Get started with Uku today.
Elevate your efficiency with Uku, the powerful yet easy-to-use accounting practice management software.
Try free for 14 days
“Let’s create a dream, where the team is happy, clients are well served and profits are fair.
Rain Allikvee / Uku’s co-founder