Sub-processors
TheBooker - Sub-processors
Last updated: 27/04/2026
Effective date: 27/04/2026
This page lists the third parties ("sub-processors") that THEBOOKER LTD ("TheBooker", "we", "us") engages to help us deliver our service, and that may process personal data on behalf of our customers — the tradespeople who use TheBooker, and their end-customers — in the course of doing so.
It is the authoritative, up-to-date list referred to in our Terms of Service (Schedule 1, the Data Processing Agreement) and our Privacy Policy.
If you have questions about anything on this page, email privacy@thebooker.ai.
What is a sub-processor?
When you (a tradesperson) use TheBooker, we process personal data on your behalf — for example, the contents of customer enquiries forwarded into the platform, and details about the bookings we help you draft replies to. Under UK GDPR, you are the data controller for that data and we are the data processor.
A sub-processor is a third party we use to help us provide the service — for example, our cloud hosting provider — that may, in the course of doing its job, process some of that personal data. Sub-processors only ever process data on our documented instructions, under written contracts that pass through the same protections you have from us.
This page lists every sub-processor that may currently process personal data of the kind described above. We will keep it up to date.
How we choose sub-processors
We use as few sub-processors as we reasonably can. Before we engage a new one, we satisfy ourselves that:
- they offer at least the same level of protection for personal data as we do;
- they are bound by written contractual obligations equivalent to those we owe you;
- where they process data outside the United Kingdom, the transfer is covered by an appropriate UK GDPR safeguard (see International transfers below); and
- their use is genuinely necessary for the service we provide.
We are a small, UK-based company. We try to keep our infrastructure simple and our data flows easy to explain. If a vendor we'd consider engaging can't satisfy the points above, we don't engage them.
Current sub-processors
Core infrastructure
Sub-processor | Legal entity | Role | Location of processing | Transfer mechanism |
Amazon Web Services | Amazon Web Services EMEA SARL (Luxembourg) | Hosting, storage, compute, databases (DynamoDB, Aurora Serverless), AI inference (Amazon Bedrock), email receipt and sending (Amazon SES), key management (KMS), secrets storage. | Primarily eu-west-2 (London, UK). AI inference via Amazon Bedrock may process data in other AWS regions, including US regions, depending on which models are available where. Other AWS services may briefly process data in adjacent regions for resilience or service availability. | AWS Data Processing Addendum incorporating the UK Addendum to the EU Standard Contractual Clauses. The UK Extension to the EU-US Data Privacy Framework also applies where AWS Inc. is the receiving entity. |
Communications and operations
Sub-processor | Legal entity | Role | Location of processing | Transfer mechanism |
Google Workspace | Google Ireland Limited | Our internal business email on the thebooker.ai domain — including individual staff addresses (such as chris@thebooker.ai) and Google Groups (such as privacy@thebooker.ai). May process the contents of correspondence between you and us — for example, support emails, onboarding emails, breach notifications, or messages you send to our privacy inbox — but is not used to receive, send, or store enquiry email forwarded into the platform; that pipeline runs through Amazon SES (see Core infrastructure above). | EU and United States | UK Extension to the EU-US Data Privacy Framework (Google LLC is certified). Google's standard data processing terms incorporating the UK Addendum to the EU Standard Contractual Clauses. |
Payments
Sub-processor | Legal entity | Role | Location of processing | Transfer mechanism |
Stripe | Stripe Payments UK, Ltd. | Processes your subscription payments to TheBooker (i.e. your own account billing data). Does not receive or process the personal data of your end-customers. For some aspects of payment processing and fraud prevention Stripe acts as an independent data controller under its own privacy policy. | UK and United States | UK Extension to the EU-US Data Privacy Framework (Stripe is certified). |
Note on Stripe. Strictly speaking, Stripe is not a sub-processor for the personal data covered by our DPA — it processes your own account/billing data, for which we (and in some respects Stripe itself) are the controller, not your end-customers' data. We list Stripe here for full transparency about who touches data in our supply chain.
Sub-processors you connect to TheBooker
Some integrations are only engaged if you explicitly authorise them — typically by completing an OAuth consent flow, or, in the case of Apple iCloud, by providing an app-specific password. These are listed separately because they only ever process your data if you connect them, and the underlying provider continues to operate under its own terms and privacy policy for your account with it.
A note on what's listed below. This table is a complete picture rather than a snapshot of what's connectable right this minute. It includes integrations that are available now, integrations that are rolling out behind a feature flag (visible only to a subset of customers while we test them), and integrations that are planned for general release once we've finished building them. The Status column shows where each one currently sits.
We list everything for transparency. We'd rather you saw the full picture up front than have a new sub-processor appear in your settings unannounced when a feature flag flips or a release ships. A provider listed as Planned or Rolling out is not yet processing any of your data — it cannot, until you personally connect it, and you cannot connect it until we make it available to you.
Sub-processor | Legal entity | Role | Location of processing | Transfer mechanism | Status |
Google (Calendar / Gmail) | Google Ireland Limited / Google LLC | Read calendar availability; send replies through your Gmail account's authenticated API where you have authorised this. | EU and United States | UK Extension to the EU-US Data Privacy Framework (Google LLC is certified). | Rolling out |
Microsoft (Outlook / Microsoft 365 Calendar) | Microsoft Ireland Operations Limited / Microsoft Corporation | Read calendar availability; send replies through your Microsoft account's authenticated API where you have authorised this. | EU and United States | UK Extension to the EU-US Data Privacy Framework (Microsoft Corporation is certified). | Planned |
Apple (iCloud Calendar via CalDAV) | Apple Distribution International Limited / Apple Inc. | Read calendar availability via the open CalDAV protocol, using an app-specific password you supply. iCloud Mail is not supported for ingestion or sending. | United States | Apple's standard data processing terms incorporating the UK Addendum to the EU Standard Contractual Clauses. | Planned |
Yahoo (Mail / Calendar) | Yahoo EMEA Limited / Yahoo Inc. | Send replies through your Yahoo Mail account's authenticated API; read calendar availability via Yahoo Calendar's CalDAV interface, in each case where you have authorised this. | EU and United States | Standard Contractual Clauses with the UK Addendum. | Planned |
You can revoke any of these connections at any time, either from inside TheBooker or from the provider's own account settings. When you do, we stop using that connection immediately and delete any tokens we hold for it.
What about web push notifications?
We deliver browser push notifications using the open Web Push protocol with VAPID keys. This sends notification payloads via the push service operated by your browser vendor — typically Google (Chrome / Edge), Mozilla (Firefox), or Apple (Safari). We do not have a contractual relationship with these push services for this purpose; they are infrastructure your browser uses on your behalf, much like the DNS resolver your network uses to look up websites.
Notification payloads are encrypted end-to-end between us and your browser. Push services see only metadata required for delivery (such as the destination endpoint and message size), not the contents of the notification.
We mention this here for transparency, but it does not constitute a sub-processor relationship under UK GDPR.
International transfers
Our primary processing happens in the United Kingdom (AWS eu-west-2, London). Where a sub-processor processes personal data outside the UK, we rely on one or more of the following safeguards, as appropriate to the recipient:
- The UK Extension to the EU-US Data Privacy Framework (the "UK-US Data Bridge"), where the receiving entity is certified under the framework. The UK government has recognised the framework as providing an adequate level of protection.
- The UK International Data Transfer Agreement, or the UK Addendum to the EU Standard Contractual Clauses, in each case incorporated into the relevant sub-processor's data processing terms.
- For AWS specifically, the AWS Data Processing Addendum, which incorporates Standard Contractual Clauses and the UK Addendum and includes commitments about how AWS handles data across regions.
The specific mechanism applied to each named sub-processor is shown in the tables above.
We keep data inside the UK wherever service availability allows. The most likely reason for a transfer outside the UK is that an Amazon Bedrock model we want to use is only available in a US region.
Notification of changes
We notify customers of changes to this list before the change takes effect, in line with section 7.3 of our DPA.
How we notify you:
- We update this page with the new sub-processor's details and update the "Last updated" date.
- We send an email to the address on your account at least fourteen (14) days before the new sub-processor begins processing personal data, unless an emergency change is needed sooner (in which case we explain why).
- For sub-processors you connect (the OAuth/CalDAV integrations in the previous section), no advance notice is required because they only become active when you choose to connect them.
How to object:
If you reasonably object to a proposed new sub-processor on data protection grounds, contact us at privacy@thebooker.ai before the effective date. We will work with you in good faith to resolve the concern. If we cannot, you may terminate your contract on the terms set out in section 7.3 of the DPA.
Change history
Date | Change |
[DATE] | Initial publication. |
Contact
Privacy contact: privacy@thebooker.ai
Postal address: THEBOOKER LTD 167-169 Great Portland Street, Fifth Floor London W1W 5PF United Kingdom
Companies House registration: 17014293
ICO registration number: ZC126942