Sub-Processor List
Last updated: 24 April 2026
EILEEN uses the following third-party service providers ("sub-processors") to deliver our mental health support platform. Each processor operates under a Data Processing Agreement (DPA) and processes data only as instructed by CTRL Ltd.
We may update this list from time to time. Material changes will be communicated via in-app notification and email. You can always find the latest version on this page.
AI Providers
AI providers process your data only when you use AI-powered features (such as appointment letter scanning) and only with your explicit consent. AI providers do not retain your data after processing. EXIF metadata (GPS coordinates, device information) is stripped from images before they are sent to any AI provider.
| Provider | Purpose | Data Sent | Retention | Location |
|---|---|---|---|---|
| Google (Gemini) | Appointment letter scanning | Scanned letter images (EXIF stripped) | None — deleted after processing | EU/UK |
What is NOT sent to AI providers: your name, email address, phone number, or care provider name. Provider names mentioned in letters are redacted before processing.
Cloud Infrastructure
| Provider | Purpose | Data Categories | Location |
|---|---|---|---|
| Heroku (Salesforce) | Application hosting and database | All application data | EU |
| Amazon Web Services (S3) | File storage and content delivery | Uploaded files, static assets | EU (eu-west-2) |
| Redis Cloud | Caching and task queue | Session tokens, task metadata (no PII) | EU |
Communication
| Provider | Purpose | Data Categories | Retention | Location |
|---|---|---|---|---|
| Twilio | SMS notifications and reminders | Phone numbers, message content | 30 days | US (EU data routing) |
| Firebase Cloud Messaging | Push notifications | Device tokens, notification content | None — delivery only | EU |
Monitoring
| Provider | Purpose | Data Categories | Retention | Location |
|---|---|---|---|---|
| Sentry | Error tracking and crash reporting | Anonymised crash reports, stack traces | 90 days | EU (eu.sentry.io) |
Data Minimisation
For all sub-processors, we follow the principle of data minimisation:
- Only the minimum data necessary for the specific purpose is shared
- EXIF metadata is stripped from images before sending to AI providers
- User names and provider names are redacted where possible
- Anonymised data is used for monitoring and crash reporting
- All sub-processors have Data Processing Agreements in place
Your Rights
You can withdraw consent for AI data processing at any time in your Privacy Settings. When you withdraw consent, all your AI interaction records are immediately deleted. EILEEN will continue to work without AI features — you can still enter appointment details manually.
For questions about our sub-processors, contact us at privacy@eileen.app.