Speak Your Menu Sub-processor List
Last Updated: July 15, 2025
1. Overview
We engage the following subprocessors to help provide and improve our Services. We require all subprocessors to implement appropriate technical and organizational measures to protect your data.
2. Sub-processor List
Speak Your Menu uses the third-party service providers listed below to process Personal Data on our behalf. Each Sub-processor is bound by written data-protection terms that offer safeguards equal to or greater than those in our Data Processing Addendum (DPA). We will update this list at least 10 days before we add or replace a Sub-processor.
| Sub-processor | Purpose | Location | Key Safeguards |
|---|---|---|---|
| Amazon Web Services (AWS) | Application hosting (EC2) and encrypted backups (S3) | USA (us-east-1) | ISO 27001, SOC 2 Type II, AES-256 storage encryption |
| MongoDB Atlas | Managed database clusters | USA (us-east-1) | SOC 2 Type II, TLS 1.2+, disk encryption |
| Stripe | Subscription billing & payment processing | USA | PCI-DSS Level 1, TLS 1.2+ |
| Google (Gmail SMTP) | Transactional / onboarding e-mail delivery (via NodeMailer) | USA | Google security & privacy program, TLS 1.2+ |
| MailerLite | Marketing e-mail campaigns | EU / USA | GDPR-compliant, TLS 1.2+ |
How we evaluate Sub-processors
Every vendor undergoes security and privacy due-diligence, including review of audit reports (e.g., SOC 2), encryption standards, and incident-response procedures.
Objection procedure
If you have a reasonable privacy objection to any new Sub-processor, e-mail support@speakyourmenu.com within 10 days of receiving notice. We’ll work in good faith to address your concerns or propose an alternative solution.
