Legal
Sub-Processors
Sous-Chef relies on the third-party providers below to deliver the service. We disclose them here in full, including the categories of personal information they process and the hosting regions they operate from. We update this page whenever the list changes.
Effective date: 2026-05-05 · Last reviewed: 2026-05-05
Current sub-processors
Frankfurt, Germany (AWS eu-central-1)- Purpose
- Postgres database, file storage (sick notes, signed documents), realtime
- Categories of personal information
- Employee records (name, email, role, ID number)
- Leave, schedule and disciplinary records
- Uploaded sick notes and signed documents
- Safeguards
- Encryption at rest (AES-256) and in transit (TLS 1.2+). RLS-enforced access.
Global edge; data origin is Frankfurt, Germany (AWS eu-central-1) per Supabase above- Purpose
- Connection pooling and edge query caching for Postgres
- Categories of personal information
- Read-through cache of database query results
- Safeguards
- TLS in transit. Cache scoped to the originating database.
Dublin, Ireland (AWS eu-west-1)- Purpose
- Transactional email delivery (invitations, leave decisions, contracts, certificates)
- Categories of personal information
- Recipient name and email address
- Email subject and body content (which may include HR document links)
- Safeguards
- TLS in transit. DKIM/SPF on all sending domains.
- Purpose
- Bot protection on registration, login and password-reset forms
- Categories of personal information
- Browser fingerprint signal, IP address (transient)
- Safeguards
- No personal information stored beyond challenge verification.
Washington, D.C., USA (iad1)- Purpose
- Application hosting and serverless functions for the Sous-Chef web app
- Categories of personal information
- Request and response data in transit (not persisted)
- Safeguards
- TLS in transit. Logs scrubbed of PII (see retention policy).
Changes to this list
When we add, replace or materially change a sub-processor, we update this page and notify customer organisation owners by email before the change takes effect, as required by our Operator Agreement (POPIA s20–21).
Questions, objections or DSARs: privacy@sous-chef.co.za.
← Back to home