Sub-Processors used by Arc Pathway
Last Updated: March 2025
At Arc Pathway, we value your trust and are committed to maintaining the highest standards of security and data protection. Below is a detailed list of our current sub-processors, along with an overview of the security arrangements in place to safeguard your data:
1. Microsoft Azure
• Purpose: Cloud hosting services for data storage and processing.
• Security: Microsoft Azure is ISO/IEC 27001 certified and follows strict security protocols, including data encryption at rest and in transit, multi-factor authentication for access, and regular audits of their systems. All data is stored in secure UK-based data centres.
2. Microsoft Office 365
• Purpose: Email and productivity tools used for communication and internal operations.
• Security: Microsoft Office 365 complies with GDPR and UK data protection standards. Data is encrypted in transit and at rest. Microsoft also maintains robust identity and access management systems to prevent unauthorised access.
3. Close CRM
• Purpose: Customer Relationship Management system for managing client relationships.
• Security: Close uses industry-standard encryption protocols to protect data during storage and transmission. They adhere to GDPR and maintain strict internal controls for data access.
4. SendGrid
• Purpose: Email delivery service for sending automated notifications and updates.
• Security: SendGrid provides TLS encryption for email delivery and maintains compliance with ISO/IEC 27001 and GDPR. They also have measures in place to detect and mitigate abuse of their systems.
5. Mailchimp
• Purpose: Email marketing platform for sending newsletters and service updates.
• Security: Mailchimp encrypts all data in transit using TLS and offers robust access control measures. They comply with GDPR and have obtained SOC 2 certification, ensuring secure data management practices.
6. Vocala Ltd.
• Purpose: Software development services, including maintenance and debugging.
• Security: Only DBS-approved staff have access to our database. All data access is logged and monitored, and Vocala operates under a strict confidentiality agreement. Data access is limited to what is necessary for their work, and all processing adheres to UK GDPR requirements.
6. Cloudflare, Inc
• Purpose: Cloudflare provides content delivery and edge caching services to improve the performance and availability of static files (e.g. images, videos, and PDFs) within Arc Pathway.
• Security: Cloudflare is ISO/IEC 27001 and SOC 2 certified, and implements strict security protocols, including data encryption in transit, advanced DDoS protection, and Web Application Firewall (WAF) capabilities. Static files are cached temporarily on Cloudflare’s edge servers to improve performance, but remain protected by time-limited access controls. Cloudflare does not store or process full personal data, and cached content is only accessible within the authorised Arc Pathway environment.
7. Calendly, Inc
• Purpose: Calendly is used to provide calendar scheduling functionality for users requesting a demo or trial via the Arc Pathway website. Calendly collects and temporarily stores user-provided contact details (e.g. name, email address, and optionally organisation details) in order to facilitate appointment booking with the Arc Pathway team.
• Security: Calendly is ISO/IEC 27001 and SOC 2 certified, and implements robust security controls including TLS encryption in transit, access logging, and role-based access controls for customer data. Data is processed and stored on secure servers located in the United States. Calendly does not use the submitted information for any marketing or analytics purposes, and access is strictly limited to Arc Pathway’s administrative users for scheduling purposes.
• Scope: Calendly is only used in the context of users actively requesting a trial or demo on the Arc Pathway website. No data is shared with Calendly unless a user voluntarily initiates a booking process.
Safeguards and Accountability
• All sub-processors are under written agreements to comply with UK and EU data protection laws, including the General Data Protection Regulation (GDPR).
• Data is processed solely within the scope necessary for Arc Pathway to deliver its services.
• We review sub-processor compliance regularly to ensure continued adherence to our standards and legal requirements.
• If we make changes to our sub-processors, customers will be notified in advance and given an opportunity to object, where applicable.
Sub-Processors used by Arc Pathway
At Arc Pathway, we value your trust and are committed to maintaining the highest standards of security and data protection. Below is a detailed list of our current sub-processors, along with an overview of the security arrangements in place to safeguard your data:
1. Microsoft Azure
• Purpose: Cloud hosting services for data storage and processing.
• Security: Microsoft Azure is ISO/IEC 27001 certified and follows strict security protocols, including data encryption at rest and in transit, multi-factor authentication for access, and regular audits of their systems. All data is stored in secure UK-based data centres.
2. Microsoft Office 365
• Purpose: Email and productivity tools used for communication and internal operations.
• Security: Microsoft Office 365 complies with GDPR and UK data protection standards. Data is encrypted in transit and at rest. Microsoft also maintains robust identity and access management systems to prevent unauthorised access.
3. Close CRM
• Purpose: Customer Relationship Management system for managing client relationships.
• Security: Close uses industry-standard encryption protocols to protect data during storage and transmission. They adhere to GDPR and maintain strict internal controls for data access.
4. SendGrid
• Purpose: Email delivery service for sending automated notifications and updates.
• Security: SendGrid provides TLS encryption for email delivery and maintains compliance with ISO/IEC 27001 and GDPR. They also have measures in place to detect and mitigate abuse of their systems.
5. Mailchimp
• Purpose: Email marketing platform for sending newsletters and service updates.
• Security: Mailchimp encrypts all data in transit using TLS and offers robust access control measures. They comply with GDPR and have obtained SOC 2 certification, ensuring secure data management practices.
6. Vocala Ltd.
• Purpose: Software development services, including maintenance and debugging.
• Security: Only DBS-approved staff have access to our database. All data access is logged and monitored, and Vocala operates under a strict confidentiality agreement. Data access is limited to what is necessary for their work, and all processing adheres to UK GDPR requirements.
Safeguards and Accountability
• All sub-processors are under written agreements to comply with UK and EU data protection laws, including the General Data Protection Regulation (GDPR).
• Data is processed solely within the scope necessary for Arc Pathway to deliver its services.
• We review sub-processor compliance regularly to ensure continued adherence to our standards and legal requirements.
• If we make changes to our sub-processors, customers will be notified in advance and given an opportunity to object, where applicable.
Sub-Processors used by Arc Pathway
At Arc Pathway, we value your trust and are committed to maintaining the highest standards of security and data protection. Below is a detailed list of our current sub-processors, along with an overview of the security arrangements in place to safeguard your data:
1. Microsoft Azure
• Purpose: Cloud hosting services for data storage and processing.
• Security: Microsoft Azure is ISO/IEC 27001 certified and follows strict security protocols, including data encryption at rest and in transit, multi-factor authentication for access, and regular audits of their systems. All data is stored in secure UK-based data centres.
2. Microsoft Office 365
• Purpose: Email and productivity tools used for communication and internal operations.
• Security: Microsoft Office 365 complies with GDPR and UK data protection standards. Data is encrypted in transit and at rest. Microsoft also maintains robust identity and access management systems to prevent unauthorised access.
3. Close CRM
• Purpose: Customer Relationship Management system for managing client relationships.
• Security: Close uses industry-standard encryption protocols to protect data during storage and transmission. They adhere to GDPR and maintain strict internal controls for data access.
4. SendGrid
• Purpose: Email delivery service for sending automated notifications and updates.
• Security: SendGrid provides TLS encryption for email delivery and maintains compliance with ISO/IEC 27001 and GDPR. They also have measures in place to detect and mitigate abuse of their systems.
5. Mailchimp
• Purpose: Email marketing platform for sending newsletters and service updates.
• Security: Mailchimp encrypts all data in transit using TLS and offers robust access control measures. They comply with GDPR and have obtained SOC 2 certification, ensuring secure data management practices.
6. Vocala Ltd.
• Purpose: Software development services, including maintenance and debugging.
• Security: Only DBS-approved staff have access to our database. All data access is logged and monitored, and Vocala operates under a strict confidentiality agreement. Data access is limited to what is necessary for their work, and all processing adheres to UK GDPR requirements.
Safeguards and Accountability
• All sub-processors are under written agreements to comply with UK and EU data protection laws, including the General Data Protection Regulation (GDPR).
• Data is processed solely within the scope necessary for Arc Pathway to deliver its services.
• We review sub-processor compliance regularly to ensure continued adherence to our standards and legal requirements.
• If we make changes to our sub-processors, customers will be notified in advance and given an opportunity to object, where applicable.