When providing software services to you, for the patient data you enter within the platform, you are the Data Controller and we are the Data Processor.
To deliver our service, there are occasions where we use sub-contractors (known as sub-processors). Sub-processors may potentially have access to or process personal data of patients you've interacted with when using the Hero platform.
This page sets out the Sub-processors we use, for what function/s we use them, and how they help us to deliver our services.
Please note, this webpage should not be taken as a binding agreement. The information provided here is to illustrate our engagement process for sub-processors and the actual list of third party sub-processors.
We evaluate the security practices of our Sub-processors that will or may process Personal Data to ensure they have acceptable security, privacy and confidentiality practices.
Our Sub-processor contracts ensure that Sub-processors will:
Implement and maintain technical and organisational measures to protect Personal Data
Provide regular training in security and data protection to personnel to whom they grant access to Personal Data
Promptly inform us about any actual or potential security breach
Co-operate with us to respond to requests from data controllers, data subjects or data protection authorities on your instructions
From time to time we may update or add suppliers to our list of sub-processors. As per the DPA, we will give you 14 days notice for you to object to your Personal Data being processed by the proposed changes to our sub-processors list.
The list of sub-processors we engage to help us deliver services to NHS and private providers. We may process patient identifiable data through these providers:
Sub-processor | Purpose of Processing Personal Data | Server Geography | Applicable Features/ Use of personal data |
Amazon Web Services, Inc. | Cloud hosting | UK | Entire app |
FireText Communications Ltd | Clinician to patient SMS | UK | Messaging, Batch messaging |
Microsoft 365 | Clinician to patient email | UK | Messaging, Batch messaging |
Whereby Ltd. | Video consultations | EEA | Video |
Heroku (Salesforce, Inc.) | Cloud platform as a service (PaaS) that supports several programming languages | EEA | Hosting services |
New Relic, Inc. | Software analytics company providing insights into application performance | EEA | Production monitoring tools |
Kinde | Secure sign-in service | UK | Admin Sign-in |
Vercel | Cloud hosting | UK | Hosting services |
Rollbar | Error logging | EU | Production monitoring tools |
CloudGateway | HSCN connectivity | UK | Networking infrastructure |
Posthog | App monitoring | EU | Production monitoring tools |
EMIS Health | Clinical system (EHR) integration — availability sync, booking, write-to-record | UK | Patient NHS number, EHR identifiers, clinical data transmitted for write-to-record |
TPP (SystmOne) | Clinical system (EHR) integration — availability sync, booking | UK | Patient EHR identifiers, availability/slot data |
Kinde | Identity and authentication provider (admin users) | UK | Admin user email, Kinde user/org identifiers |
NHS (PDS — Personal Demographics Service) | Patient demographic lookups and verification | UK (NHS Digital infrastructure) | Patient NHS number, demographic data returned from PDS |
NHS Notify | Patient notification delivery via NHS Notify channel (where enabled) | UK | Patient contact details, notification content |
GP Connect | NHS API used solely to register patients as temporary patients in the EHR (temporary registration endpoint). No data is retrieved or stored in Hero via GP Connect; only PDS-verified patient identity data already held in Hero is transmitted outbound to the EHR. | UK | PDS-verified patient identity data (name, DOB, NHS number, address) transmitted outbound from Hero to the EHR for temporary registration. No inbound data stored in Hero. |
The list of additional sub-processors we engage to help us deliver our services to only our private providers. We may process patient identifiable data through these providers:
Sub-processor | Purpose of Processing Personal Data | Server Geography | Applicable Features |
Pharmacierge | Online pharmacy fulfillment of e-prescriptions (private practice, where enabled) | UK | Patient name, address, prescription data |
Twilio Inc. [Optional] | Clinician to patient SMS and automated SMS | US | Messaging, Batch messaging, Invoicing |
Signature Healthcare services Limited | Electronic prescription service | UK | Private Prescribing |
Healthcode | Insurance billing submission (private practice) | UK | Patient name, DOB, sex, address, insurer details, diagnosis codes, treatment details |
Chemist4U | Online pharmacy fulfillment of e-prescriptions (private practice, where enabled) | UK | Patient name, address, prescription data |
Where Hero Doctor Limited is the Data Controller, we work with additional sub-processors. These sub-processors won't have visibility of patient identifiable data.
These sub-processors may be able to see data for which Hero Doctor is the data controller. This could include a limited set of data on Hero administrators or practitioners. Example use cases would be where we store identifiable data to manage our customer relationships or understand how our services are used. The list of processors is:
Sub-processor | Purpose of Processing Personal Data | Server Geography | Applicable Features |
ProductLane | Customer messaging platform | EU | User engagement/ customer support |
Attio | Customer management and data visualisation | UK | Customer support, Commercial |
Metabase | Data analytics | EU | Support/Analytics |