1. Overview
In accordance with Article 28 of the General Data Protection Regulation (GDPR), this page lists the subprocessors that Blue Beard Solutions Inc. ("Company," "we," "us," or "our") engages to process personal data on behalf of our customers in connection with the MayDay-IC incident command platform (the "Service").
A "subprocessor" is a third-party data processor engaged by us who has or potentially will have access to or process personal data provided by our customers or collected on their behalf through the Service.
2. Current Subprocessors
The following table lists all subprocessors currently authorized to process personal data in connection with the Service:
| Subprocessor | Purpose | Data Processed | Location | Privacy Policy |
|---|---|---|---|---|
| OpenAI | AI analysis (triage recommendations, protocol advisor, transcription, report generation) | Prompts and responses; no PHI retained by subprocessor | San Francisco, CA, USA | openai.com/privacy |
| Stripe | Payment processing | Billing information, subscription data | San Francisco, CA, USA | stripe.com/privacy |
| Google (Google Maps Platform) | Geocoding, navigation, hospital search | Location data, addresses | Mountain View, CA, USA | policies.google.com/privacy |
| Neon (PostgreSQL) | Database hosting | All application data (encrypted at rest and in transit) | USA | neon.tech/privacy |
| National Weather Service (NWS) | Weather alerts | Incident location coordinates | USA (Public Domain) | N/A (US Government, public domain data) |
| CHEMTREC | Hazmat reference data | Chemical lookup queries | USA | chemtrec.com/privacy |
| Replit | Application hosting | All application data in transit | San Francisco, CA, USA | replit.com/privacy |
3. Data Protection Measures
Each subprocessor is subject to the following requirements:
- Contractual obligations to process personal data only as instructed by us and in accordance with applicable data protection laws.
- Implementation of appropriate technical and organizational security measures to protect personal data.
- Obligations to assist us in fulfilling data subject requests and breach notification requirements.
- Restrictions on further sub-processing without prior authorization.
- Deletion or return of personal data upon termination of the subprocessing relationship.
Where subprocessors may access Protected Health Information (PHI), we maintain Business Associate Agreements (BAAs) in accordance with HIPAA requirements.
4. Notification of Changes
We will provide at least 30 days' advance written notice before adding or replacing any subprocessor that processes personal data. Notification will be sent to the email address associated with your account or the designated contact for your organization.
The notice will include:
- The name and location of the new subprocessor
- The nature of the processing to be performed
- The categories of personal data to be processed
- The effective date of the change
5. Objection Rights
If you have a legitimate objection to our use of a new subprocessor, you may raise your objection by contacting us within 14 days of receiving the notification. We will work with you in good faith to address your concerns. Legitimate objections must be based on reasonable data protection grounds.
If we are unable to resolve your objection to your reasonable satisfaction, you may terminate the affected portion of the Service by providing written notice. We will refund any prepaid fees covering the remainder of the term following the effective date of termination.
6. International Data Transfers
All subprocessors listed above are located in the United States. Where personal data is transferred from the European Economic Area (EEA), United Kingdom, or Switzerland to the United States, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) as approved by the European Commission
- EU-US Data Privacy Framework certification (where applicable)
- Supplementary technical and organizational measures as necessary
7. Contact Us
For questions about our subprocessors, to request notification of changes, or to raise an objection:
Email: info@maydayic.com
For Data Processing Agreement inquiries:
Email: info@maydayic.com
Blue Beard Solutions Inc.
Data Protection Officer