Sub-processors | Care-Meter

What This Page Is

A “sub-processor” is a third party that we engage to process personal data on behalf of our care home customers. Under UK GDPR Article 28, customers must be told who their data passes through and given a chance to object before any new sub-processor handles their residents’ data.

This page is the authoritative, public list. It mirrors Schedule 3 of our Data Processing Agreement and is the canonical reference when a customer or auditor asks us where resident data goes.

Why we publish this

Most digital care record platforms run with sixteen-plus sub-processors and bury the list inside a paid-tier DPA. We keep the list short, audit it on every quarterly review, and publish it before customers ask.

Current Sub-processors

Every sub-processor below is bound by a written agreement imposing UK GDPR equivalent obligations and processes Personal Data only on our documented instructions.

Sub-processor	Purpose	Data transferred	Location	Contractual basis
Amazon Web Services (AWS)	Cloud infrastructure: DynamoDB, S3, Lambda, Cognito, SES, Amplify	All platform data	eu-west-2 (London)	AWS GDPR DPA (AWS Artifact)
AWS Bedrock — Anthropic Claude	AI inference: OCR structuring of handwritten notes, manager copilot. Customer prompts and responses are not used to train models.	Care note text, manager queries	eu-west-2 (London)	AWS Bedrock Terms; AWS DPA
AWS Bedrock — Amazon Nova	AI inference: classification of care notes against the 34 CQC Quality Statements.	Care note text	eu-west-2 (London)	AWS Bedrock Terms; AWS DPA
Amazon Textract	OCR processing of handwritten care notes and uploaded documents.	Images and PDFs of handwritten notes	eu-west-2 (London)	AWS DPA
Amazon Transcribe	Server-side audio transcription as a fallback path when in-browser transcription is unavailable.	Raw voice audio files (deleted within 30 days of processing)	eu-west-2 (London)	AWS DPA
Amazon CloudWatch	Application monitoring and operational logging. Configured to capture metadata only — no Personal Data in application logs.	Operational metadata; no Personal Data	eu-west-2 (London)	AWS DPA

On the ‘how many sub-processors’ question

The list above contains six service-level entries because that is how the AWS sub-processor relationships are accounted for under our DPA. Two distinct legal entities sit behind those six entries — Amazon Web Services and Anthropic — both contracted via the AWS Bedrock program. We list services individually to make data flow auditable, not to inflate the count.

Retired sub-processor. Amazon OpenSearch Service was previously listed for vector-search AI assistance. This processor has been retired; care-evidence retrieval now uses a deterministic ontology-tag projection. No personal data remains in OpenSearch.

Where Data Lives

All Care-Meter processing takes place inside the AWS eu-west-2 (London) region. Data does not leave the United Kingdom under normal operation. The single customer-facing exception is when a transfer to the USA is required for our payment processor or transactional email delivery service — in those cases we rely on UK-approved International Data Transfer Agreements (IDTAs) or Standard Contractual Clauses, and the relevant safeguard is available on request from privacy@care-meter.co.uk.

AWS Bedrock model providers (Anthropic, Amazon Nova) operate inside the same UK region under the AWS Bedrock program. Bedrock does not use customer prompts or responses to train its models.

Data We Don't Share

We do not engage sub-processors to do any of the following with resident or staff data:

Marketing or product analytics on resident-identifiable data
Licensing of anonymised resident cohorts to research bodies or commercial partners
Behavioural advertising or third-party retargeting
Cross-tenant analytics that mix one care home’s data with another’s
Voice biometric profiling beyond optional voice-note transcription
Profiling for any automated decision affecting a resident’s care

If we ever propose to add a sub-processor whose purpose falls outside the categories listed above, we will treat it as a material change and follow the notification process in Section 5.

Notice of Changes

We notify Controllers (care home operators) of any proposed addition to or replacement of a sub-processor with at least 30 days’ written notice via email and a prominent in-platform banner. The notice will include:

The name and legal entity of the proposed sub-processor
The processing activity it will perform
The categories of personal data involved
The location of processing
The contractual basis on which it will process the data

During the notice period the Controller may object on reasonable grounds. We then either adjust scope, find an alternative provider, or — where the change is essential to continued provision of the Services and no alternative is reasonably available — work with the Controller on a wind-down or termination plan as set out in the DPA.

Object to a Sub-processor

If you are a current Controller and want to formally object to a sub-processor — current or proposed — email privacy@care-meter.co.uk with the subject line Sub-processor objection. Include:

The sub-processor name
The grounds for objection (data residency, security posture, regulatory concern, etc.)
Whether you are objecting to a current or proposed sub-processor

We acknowledge sub-processor objections within 2 working days and respond substantively within 14 working days, in line with the response targets in our Subscription Agreement §15.1.

Contact

Enquiry	Contact
Sub-processor objections and data flow questions	privacy@care-meter.co.uk
Legal and contractual enquiries	legal@care-meter.co.uk
Registered address	WillMachi Limited, 8 Raite Green, Sittingbourne, Kent, ME10 5JY
Companies House	14540910
ICO registration	ZC107807