Third-Party Sub Processors List - Free Form Creator with Custom QR Code | Form QR code generator

Third-Party Sub Processors List

QRTIGER Sub-processors

Published: April 1, 2026Last Updated: April 1, 2026

QR TIGER PTE. LTD. ("QR TIGER", "we", "us") uses certain third-party service providers (each, a "Subprocessor") to process Customer Personal Data on behalf of our customers in connection with the provision, operation, support, maintenance, and security of our services (the "Services"). These Subprocessors process Customer Personal Data only as necessary to perform the services we have engaged them to provide and in accordance with QR TIGER’s instructions.

Subprocessor due diligence and security

QR TIGER conducts risk-based reviews of Subprocessors and maintains appropriate oversight of their performance. Where engagement of a Subprocessor involves cross-border transfers of Customer Personal Data, QR TIGER implements appropriate transfer safeguards as required by applicable data protection laws and imposes contractual requirements on Subprocessors to maintain technical and organizational measures appropriate to the nature of the processing and associated risks.

Scope of this list

This page lists Subprocessors that may process Customer Personal Data in connection with QR TIGER’s generally available Services, including related support, communications, analytics, and infrastructure services. The processing by each Subprocessor will generally continue for the duration of a customer’s use of the Services, subject to the retention and deletion terms set out in the applicable customer agreement, DPA, and relevant product documentation.

QR TIGER may update this list from time to time to reflect operational changes. If our DPA provides for notice and objection rights for changes to Subprocessors, QR TIGER will follow that process as set out in the DPA.

Subprocessor list

The table below identifies each Subprocessor, the purpose of processing, the location(s) where processing may occur, additional information about the processing, and links to security resources.

DigitalOcean, LLC

Purpose/Service: Cloud hosting
Processing location(s): Broomfield, Colorado, USA
Additional information: DigitalOcean collects and processes information by providing cloud infrastructure services where applications, databases, and systems are hosted. Customer information is collected when end users interact with applications running on DigitalOcean’s servers. DigitalOcean may also collect technical and operational data such as IP addresses, server logs, system metadata, and performance information for security, monitoring, and maintenance purposes. DigitalOcean does not directly engage with end users.
Security measures: Security | DigitalOcean

MongoDB, Inc.

Purpose/Service: Managed database hosting (DBaaS) for application data
Processing location(s): New York, New York, USA
Additional information: MongoDB collects and processes information through database services used to store and manage application data. Customer information is collected when end users submit data through applications that rely on MongoDB databases. MongoDB may also collect database activity logs and system performance data to ensure service reliability and security. MongoDB processes data only as instructed by the service owner.
Security measures: https://www.mongodb.com/products/capabilities/security/features

Helpscout

Purpose/Service: Customer support ticketing tool
Processing location(s): Boston, Massachusetts, USA
Additional information: Help Scout collects customer information when end users communicate through customer support channels such as email, chat, or contact forms. This includes names, email addresses, message content, attachments, and communication metadata such as timestamps and IP addresses. The information is processed for the purpose of managing and responding to support requests.
Security measures: Security - Help Scout

Google LLC

Purpose/Service: Cloud infrastructure, analytics, identity, storage, APIs
Processing location(s): Mountain View, California, USA
Additional information: Google collects information through services that support application hosting, productivity, analytics, and infrastructure operations. Information is collected when end users interact with systems or services powered by Google technologies and may include identifiers, usage data, and technical information such as IP addresses and device data. Google processes this information in accordance with its service agreements and privacy policies.
Security measures: Google security overview

Google Analytics

Purpose/Service: Analytics provider
Processing location(s): Mountain View, California, USA
Additional information: Google Analytics collects information automatically when end users visit or interact with websites or applications where the service is implemented. This includes online identifiers, cookies, IP addresses, device and browser information, pages visited, and usage behavior. The data is used to analyze traffic patterns, user behavior, and website performance.
Security measures: Google security overview

Stripe

Purpose/Service: Payment processor
Processing location(s): San Francisco, California, USA & Dublin, Ireland
Additional information: Stripe collects customer information when end users initiate or complete payment transactions. This includes payment details, billing information, transaction data, and fraud-prevention information such as IP addresses and device identifiers. Stripe processes this information to facilitate secure payment processing and comply with financial and regulatory obligations.
Security measures: Security at Stripe

Paypal

Purpose/Service: Payment processor
Processing location(s): San Jose, California, USA
Additional information: PayPal collects customer information when end users choose PayPal as a payment method. Information collected includes account details, payment credentials, transaction information, and technical data used for security, authentication, and fraud prevention. PayPal acts as an independent payment service provider in accordance with its own privacy practices.
Security measures: PayPal Secure Technology | Data Protection

Twilio, Inc.

Purpose/Service: Communication APIs
Processing location(s): San Francisco, California, USA
Additional information: Twilio collects customer information when communication services such as SMS messages, voice calls, or notifications are sent through its platform. This includes phone numbers, message or call content, delivery records, timestamps, and related metadata. The information is processed to deliver communications and ensure service performance and reliability.
Security measures: Twilio Security Overview

Mailgun

Purpose/Service: Communications technology service provider
Processing location(s): San Antonio, Texas, USA
Additional information: Mailgun collects customer information when transactional or notification emails are sent through its email delivery platform. Information collected includes email addresses, message content, delivery status, IP addresses, and engagement metrics such as opens and bounces. The data is used to deliver emails and monitor email performance and security.
Security measures: Mailgun’s Commitment to Security and Compliance

Brevo

Purpose/Service: Email marketing tool
Processing location(s): Paris, France
Additional information: Brevo collects customer information when marketing or transactional communications are sent through its platform. This may include contact details, message content, engagement data, and technical identifiers such as IP addresses. The information is processed for communication delivery, campaign management, and analytics.
Security measures: Data Security and Privacy | Brevo

HubSpot

Purpose/Service: Customer relationship management platform
Processing location(s): Cambridge, Massachusetts, USA
Additional information: HubSpot collects customer information when end users interact with marketing tools, forms, CRM systems, or automated communication features. Information collected may include contact details, interaction history, preferences, and usage data. This data is processed to support customer relationship management, marketing automation, and analytics.
Security measures: HubSpot Security Program

Cloudflare, Inc.

Purpose/Service: Infrastructure
Processing location(s): San Francisco, California, USA
Additional information: Cloudflare collects information when end users access websites or applications protected by its network. This includes IP addresses, request data, device information, and security logs. The information is processed to provide content delivery, performance optimization, and protection against malicious traffic and cyber threats.
Security measures: Everywhere Security | Unified Cybersecurity Platform | Cloudflare

OpenAI

Purpose/Service: AI tool
Processing location(s): San Francisco, California, USA
Additional information: OpenAI collects information when AI services process user-provided inputs. This may include text or data submitted through applications using OpenAI’s services, as well as technical metadata related to usage and performance. The information is processed to generate AI outputs, maintain service functionality, and improve system reliability, in accordance with applicable privacy settings and policies.
Security measures: Security | OpenAI

Subprocessor name	Purpose/Service	Processing location(s)	Additional information	Security measures
DigitalOcean, LLC	Cloud hosting	Broomfield, Colorado, USA	DigitalOcean collects and processes information by providing cloud infrastructure services where applications, databases, and systems are hosted. Customer information is collected when end users interact with applications running on DigitalOcean’s servers. DigitalOcean may also collect technical and operational data such as IP addresses, server logs, system metadata, and performance information for security, monitoring, and maintenance purposes. DigitalOcean does not directly engage with end users.	Security \| DigitalOcean
MongoDB, Inc.	Managed database hosting (DBaaS) for application data	New York, New York, USA	MongoDB collects and processes information through database services used to store and manage application data. Customer information is collected when end users submit data through applications that rely on MongoDB databases. MongoDB may also collect database activity logs and system performance data to ensure service reliability and security. MongoDB processes data only as instructed by the service owner.	https://www.mongodb.com/products/capabilities/security/features
Helpscout	Customer support ticketing tool	Boston, Massachusetts, USA	Help Scout collects customer information when end users communicate through customer support channels such as email, chat, or contact forms. This includes names, email addresses, message content, attachments, and communication metadata such as timestamps and IP addresses. The information is processed for the purpose of managing and responding to support requests.	Security - Help Scout
Google LLC	Cloud infrastructure, analytics, identity, storage, APIs	Mountain View, California, USA	Google collects information through services that support application hosting, productivity, analytics, and infrastructure operations. Information is collected when end users interact with systems or services powered by Google technologies and may include identifiers, usage data, and technical information such as IP addresses and device data. Google processes this information in accordance with its service agreements and privacy policies.	Google security overview
Google Analytics	Analytics provider	Mountain View, California, USA	Google Analytics collects information automatically when end users visit or interact with websites or applications where the service is implemented. This includes online identifiers, cookies, IP addresses, device and browser information, pages visited, and usage behavior. The data is used to analyze traffic patterns, user behavior, and website performance.	Google security overview
Stripe	Payment processor	San Francisco, California, USA & Dublin, Ireland	Stripe collects customer information when end users initiate or complete payment transactions. This includes payment details, billing information, transaction data, and fraud-prevention information such as IP addresses and device identifiers. Stripe processes this information to facilitate secure payment processing and comply with financial and regulatory obligations.	Security at Stripe
Paypal	Payment processor	San Jose, California, USA	PayPal collects customer information when end users choose PayPal as a payment method. Information collected includes account details, payment credentials, transaction information, and technical data used for security, authentication, and fraud prevention. PayPal acts as an independent payment service provider in accordance with its own privacy practices.	PayPal Secure Technology \| Data Protection
Twilio, Inc.	Communication APIs	San Francisco, California, USA	Twilio collects customer information when communication services such as SMS messages, voice calls, or notifications are sent through its platform. This includes phone numbers, message or call content, delivery records, timestamps, and related metadata. The information is processed to deliver communications and ensure service performance and reliability.	Twilio Security Overview
Mailgun	Communications technology service provider	San Antonio, Texas, USA	Mailgun collects customer information when transactional or notification emails are sent through its email delivery platform. Information collected includes email addresses, message content, delivery status, IP addresses, and engagement metrics such as opens and bounces. The data is used to deliver emails and monitor email performance and security.	Mailgun’s Commitment to Security and Compliance
Brevo	Email marketing tool	Paris, France	Brevo collects customer information when marketing or transactional communications are sent through its platform. This may include contact details, message content, engagement data, and technical identifiers such as IP addresses. The information is processed for communication delivery, campaign management, and analytics.	Data Security and Privacy \| Brevo
HubSpot	Customer relationship management platform	Cambridge, Massachusetts, USA	HubSpot collects customer information when end users interact with marketing tools, forms, CRM systems, or automated communication features. Information collected may include contact details, interaction history, preferences, and usage data. This data is processed to support customer relationship management, marketing automation, and analytics.	HubSpot Security Program
Cloudflare, Inc.	Infrastructure	San Francisco, California, USA	Cloudflare collects information when end users access websites or applications protected by its network. This includes IP addresses, request data, device information, and security logs. The information is processed to provide content delivery, performance optimization, and protection against malicious traffic and cyber threats.	Everywhere Security \| Unified Cybersecurity Platform \| Cloudflare
OpenAI	AI tool	San Francisco, California, USA	OpenAI collects information when AI services process user-provided inputs. This may include text or data submitted through applications using OpenAI’s services, as well as technical metadata related to usage and performance. The information is processed to generate AI outputs, maintain service functionality, and improve system reliability, in accordance with applicable privacy settings and policies.	Security \| OpenAI