
Mesma Software Sub-Processors

Our Sub-Processors and GDPR Compliance


As a responsible SaaS provider, we take the security and privacy of your data seriously. In delivering our services, we use a number of trusted third-party providers (sub-processors) to ensure reliability, scalability, and advanced functionality. These sub-processors process personal data only on our instructions and in compliance with GDPR requirements.


Sub-Processors We Use


Our current key sub-processors include:


  • Microsoft Azure – Hosts and manages the infrastructure for our SaaS platform. Azure provides high-level security, encryption, and compliance certifications.
  • Microsoft OpenAI – Powers AI-driven features within our platform, processing data solely in line with customer instructions.
  • Auth0 – Manages authentication and user identity securely, including login credentials and access tokens.
  • Crisp – Provides live chat and customer support functionality. Personal data processed by Crisp is limited to your communications with support agents.
  • SendGrid – Facilitates email notifications and transactional messaging. Personal data processed includes email addresses and message content necessary for service delivery.


All of these sub-processors act strictly as processors on our behalf, meaning they do not determine the purpose or means of processing your data; we control how and why data is processed.


How We Manage Sub-Processors


To ensure GDPR compliance, we have implemented the following processes:


  1. Formal Sub-Processor List:

We maintain a current list of all sub-processors (as above), including their role and the types of personal data they process. This list is available to our customers on request.


  2. Notification and Objection Process:

We notify our customers in advance of any additions or changes to sub-processors. Customers have the right to object to new sub-processors, and in such cases, we work collaboratively to find a compliant solution.


  3. Contractual Obligations:

Each sub-processor is bound by a Data Processing Agreement (DPA), ensuring they:

  • Process data only on our instructions
  • Maintain appropriate technical and organizational measures
  • Assist us in fulfilling data subject rights and GDPR obligations
  • Return or delete data at the end of their engagement


  4. Security and Compliance:

All sub-processors we use are selected for their robust security practices, GDPR compliance, and international standards certifications where applicable.


Why This Matters

By carefully selecting and monitoring our sub-processors, we ensure that your data is processed securely, lawfully, and transparently. This approach not only meets GDPR Article 28 requirements but also ensures reliability and trust in the services we provide.



Last Updated January 2026



Updated on: 06/02/2026
