Service providers

Service providers and processors.

Categories of service providers that process data on behalf of Zeevio LLC when you use Mapigo Health.

Last updated 8 June 2026

Why categories, not names

Privacy laws applicable to Mapigo Health (including the EU General Data Protection Regulation, the California Consumer Privacy Act, and the South African Protection of Personal Information Act) require disclosure of the categories of third parties that process personal information on behalf of the operator. They do not require, and we do not provide publicly, the identity of each individual vendor.

Publishing specific vendor names provides limited additional transparency to the average reader and creates a precise map of our infrastructure for anyone trying to attack it. We instead disclose categories here and provide specific names to verified data subjects on request — see Specific names on request below.

Processor categories

Each row below describes a class of service provider, what it is used for, the categories of data it can technically access, and the geographic region in which it operates.

All providers in this list are bound by a written data processing agreement with Zeevio LLC that obliges them to process your data only for the purpose described, under appropriate technical and organisational safeguards, and to apply the safeguards required by applicable cross-border transfer law.

Application hosting and content delivery

Purpose: Serves the web application and static assets, terminates TLS, and routes requests close to your location.
Data categories: IP address, user-agent, the URL paths you request, and any data you submit through forms. Does not see the contents of your database records once stored.
Region: Multi-region (United States and European Union edge nodes).

Managed relational database

Purpose: Stores your account, blood pressure readings, trigger logs, settings, doctor-share records, and access logs.
Data categories: Everything you save through the app: email address, hashed password, readings, notes, share metadata.
Region: Single-region (selected from a United States or European Union jurisdiction at deploy time).

Transactional email relay

Purpose: Delivers email-verification and password-reset messages on our behalf.
Data categories: Recipient email address, message subject and body, delivery metadata. Does not see your readings.
Region: Multi-region.

Optional social sign-in (Google)

Purpose: Authenticates you when you choose to sign in with Google instead of email and password. Used only if you click "Continue with Google."
Data categories: Standard OpenID Connect claims: your Google account identifier, email, name, and profile image.
Region: Multi-region (operated by Google LLC).

Registered agent and corporate compliance

Purpose: Receives legal service of process and statutory mail on behalf of the operating company.
Data categories: Receives no Mapigo Health user data. Listed here for completeness because the entity is named on the Privacy notice and Terms.
Region: United States (Wyoming).

Specific names on request

You can request the identity of the specific vendors we use in each category above. Send the request to hello@mapigo.health with the subject line Service provider request and include the email address associated with your Mapigo account so we can confirm the request belongs to a data subject covered by the relevant law.

We respond within the timeframe applicable to your jurisdiction’s data-subject-access rules (typically 30 days) and provide the vendor identity for each category you specify. The exception is the optional social sign-in provider, which is named on this page because the choice to use it is yours and the brand is visible on the sign-in screen.

Changes to this list

We will update this page when the categories of processors change materially — for example, when we add a new class of service provider, when a category’s region of operation changes, or when the data categories a provider can access change.

Material additions will be published here at least fourteen (14) days before they take effect, so that you have an opportunity to review the change and exercise the rights described in the Privacy notice. Routine substitution of one vendor for another within the same category and region is treated as a non-material change and will be reflected on this page when it occurs.

Contact

Questions about service providers can be sent to hello@mapigo.health. For the engineering-level description of what runs where, see How we handle data.