Hesk Cloud Subprocessor List
Effective date: 1 January 2026
Version: 2.0
This Subprocessor List identifies third-party providers that Hesk uses to provide, secure, bill, maintain, improve, and support Hesk Cloud. It forms part of the Hesk Cloud Data Processing Agreement and should be read together with the Hesk Cloud Terms of Service and Privacy Policy.
1. Subprocessor authorization and notice
By using Hesk Cloud, customers give Hesk general authorization to engage the subprocessors listed below.
Hesk uses a commercially reasonable selection process to evaluate the security, privacy, and data-protection practices of subprocessors that may process Customer Personal Data. Hesk requires subprocessors to maintain appropriate safeguards and data-protection obligations consistent with the Hesk Cloud Data Processing Agreement, to the extent applicable to their services.
Hesk will use reasonable efforts to provide at least fourteen (14) days' notice before authorizing a new subprocessor to process Customer Personal Data, which may be given by updating this list. Customers may object to a new subprocessor on reasonable data-protection grounds as described in the Hesk Cloud Data Processing Agreement.
2. Current subprocessors
| Provider | Purpose | Locations / safeguards |
|---|---|---|
| Linode / Akamai | Cloud hosting, servers, storage, computing infrastructure, networking, security, and related support. | Provider regions and infrastructure selected or used by Hesk. Processing may include EEA and non-EEA locations. Where required, transfers are protected by lawful transfer mechanisms such as adequacy decisions, standard contractual clauses, or other mechanisms permitted by law. |
| Amazon Web Services (AWS) | Cloud hosting, backup, storage, security, and related cloud services. | AWS regions and infrastructure selected or used by Hesk. Processing may include EEA and non-EEA locations. Where required, transfers are protected by lawful transfer mechanisms such as adequacy decisions, standard contractual clauses, or other mechanisms permitted by law. |
| PayPro Global | Billing, checkout, order processing, invoicing, tax handling, payment support, and subscription administration. | Provider locations used to process billing, payments, tax, and support. Where required, transfers are protected by lawful transfer mechanisms such as adequacy decisions, standard contractual clauses, or other mechanisms permitted by law. |
| PayPal | Payment processing, payment confirmation, refunds, fraud prevention, and payment support. | Provider locations used to process payments, prevent fraud, and comply with legal obligations. Where required, transfers are protected by lawful transfer mechanisms such as adequacy decisions, standard contractual clauses, or other mechanisms permitted by law. |
3. Notes
- Not every subprocessor processes all Customer Personal Data.
- Payment processors may act as independent controllers for certain payment-related data they process under their own terms and legal obligations.
- The providers listed above may use their own affiliates, infrastructure, data centers, and subprocessors to provide their services.
- Customer Personal Data may be transferred to or accessed from countries outside the EEA where necessary. Appropriate safeguards are used where required, as described in the Hesk Cloud Data Processing Agreement.
4. Updates
Hesk may add, replace, or remove subprocessors for legitimate business reasons, including security, performance, reliability, availability, compliance, cost, support, and service improvement. The current version of this list will be made available on the Hesk website or knowledgebase. Continued use of Hesk Cloud after an update is subject to the customer's objection rights under the Hesk Cloud Data Processing Agreement.
For questions about this list, please use our contact page.