Subprocessors
Last updated: 4 June 2026
Mule-it Ltd engages the following third-party providers ("subprocessors") to assist in operating the platform. Each subprocessor is bound by a Data Processing Agreement ("DPA") that requires them to handle personal data securely and in compliance with UK GDPR and, where applicable, EU GDPR.
Subprocessors process data only as instructed by Mule-it and are required to implement appropriate technical and organisational security measures. This list does not disclose proprietary architecture or internal configurations.
| Subprocessor | Purpose | Location | Transfer safeguard | Website |
|---|---|---|---|---|
| Supabase Inc. | Database hosting, authentication, and file storage | United States / European Union | EU Standard Contractual Clauses, SOC 2 Type II, EU data centres available | Visit → |
| Stripe Inc. | Payment processing, card tokenisation, and payment escrow | United States / European Union | EU Standard Contractual Clauses, PCI DSS Level 1 certified | Visit → |
| Twilio Inc. | SMS notifications — delivery handover codes and job alerts | United States / European Union | EU Standard Contractual Clauses, SOC 2 Type II, ISO 27001 | Visit → |
| Vercel Inc. | Web application hosting and edge content delivery | United States / European Union | EU Standard Contractual Clauses, SOC 2 Type II, EU edge nodes available | Visit → |
| Mapbox Inc. | Interactive mapping, route visualisation, and geocoding | United States | EU Standard Contractual Clauses, data processing agreement | Visit → |
| TransferWise Ltd (Wise) | Driver earnings payouts to registered UK bank accounts | United Kingdom | UK adequacy decision — no transfer mechanism required | Visit → |
| Ideal Postcodes Ltd | UK postcode lookup, geocoding, and address validation | United Kingdom | UK adequacy decision — no transfer mechanism required | Visit → |
Data Transfer Mechanisms
For subprocessors located outside the United Kingdom, we ensure appropriate safeguards are in place:
UK Standard Contractual Clauses (UK SCCs) / EU SCCs
All subprocessors processing data outside the UK have signed the ICO-approved International Data Transfer Agreement (IDTA) or EU SCCs, ensuring UK/GDPR-compliant data transfers.
UK Adequacy Decisions
Subprocessors based in the United Kingdom (Wise, Ideal Postcodes) benefit from the UK's adequacy decision — no additional transfer mechanism is required.
Industry Certifications
Subprocessors maintain relevant certifications including SOC 2 Type II, ISO 27001, and PCI DSS Level 1 (for payment processing).
Data Processing Agreements
Each subprocessor has executed a comprehensive DPA that outlines their obligations regarding data protection, security, and confidentiality.
Technical Safeguards
All data transfers are encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption.
Changes to This List
We may add, remove, or replace subprocessors from time to time. We will update the "Last updated" date at the top of this page when we do so. Where a change represents a material new category of processing, we will notify registered users by email at least 14 days in advance.
Contact
General enquiries
hello@mule-it.coPrivacy questions
privacy@mule-it.coData Protection Officer
dpo@mule-it.coMule-it Ltd
United Kingdom
Registered in England and Wales
Related documents