Subprocessor Notice
The actual providers depend on the website function, customer deployment, selected integrations, region, and contract. A customer schedule controls when it is more specific than this public notice.
Public website providers
| Provider | Purpose | Data categories |
|---|---|---|
| Hostinger | Public website hosting, delivery, contact form processing, and first party analytics storage. | Network and request information, optional website analytics, and contact form information. |
| Google Fonts | Visual font delivery for the public website. | Standard network request information sent when the browser requests a font. |
| Email delivery providers | Delivery of contact, privacy, legal, support, and security messages. | Sender details, message content, routing metadata, and delivery records. |
Common MYID platform providers
These providers or categories can be used when enabled for a customer. Inclusion does not mean every provider receives every customer’s data.
| Provider or category | Purpose | When used |
|---|---|---|
| Microsoft Azure | Application hosting, managed platform services, network controls, secrets, monitoring, and related infrastructure. | When the customer deployment is hosted in the MYID Azure environment. |
| Google Firebase | Mobile push registration and notification delivery. | When push notifications are enabled for the mobile application. |
| Apple | iOS application distribution, notification delivery, device services, and optional Live Activities. | For users of the iOS application and enabled Apple services. |
| Google mobile services | Android application services, notification delivery, and distribution where selected. | For Android deployments using the applicable services. |
| SMS and email delivery providers | OTP delivery, notifications, and support communication. | When the customer or MYID configures the applicable delivery route. |
| Address validation providers | Address suggestions, detail lookup, and validation for approved profile updates. | Only when address editing and an address provider are enabled. |
Customer selected connected systems
Identity providers, Active Directory or LDAP, QRadar, endpoint protection, training systems, messaging providers, and other customer systems are commonly selected and controlled by the customer. They may receive requests or data required to perform the chosen function. Depending on the legal relationship, these systems can be the customer’s own processors rather than subprocessors appointed by SPS.
Review and change process
Before production approval, the parties should confirm the exact providers, purpose, data, region, contract role, security obligations, retention, and transfer mechanism for that deployment. Material changes are handled under the signed Data Processing Agreement or customer contract. Contact privacy@ext.myidselfverify.com for the schedule applicable to your organization.