International Transfers Notice
How we protect your data when it is transferred outside the UK.
Version 2.4.0Last Updated
Company: Y.O.D.O. Ltd (Company No. 15736034)
Registered Office: 42 Mayfair Gardens, Southampton, SO15 2TW, United Kingdom
ICO Registration: ZC015883 (Data Protection Lead: Mrs Theodosia Kouraki)
EU Representative under Article 27 EU GDPR: Christina-Eloiza Kouraki, Marasli 29, Athens 10676, Greece, email eloizakouraki@yahoo.gr.
Contact: info@yodo.ltd
Toggle changelog details. What changed in v2.4.0 (5 June 2026)
Version 2.4.0 · 5 June 2026
- Territorial scope clarified: Y.O.D.O. actively offers the Service across the United Kingdom and the European Economic Area (EEA). Replaces previous "UK-first" wording.
Earlier revisions
Version 2.2.0 · 02 June 2026 (Effective 28 June 2026)
- Added four providers already in use that were omitted from this notice: ScoutAPM, Honeybadger, Better Stack and GitHub. Correction of an omission; these providers were already engaged under Article 28 terms and appropriate transfer safeguards (UK IDTA / EU SCCs or UK adequacy regulations for the EEA leg) are in place. No new processing begins.
Version 2.3.0 · 28 May 2026 (Effective 28 June 2026)
- Added Google Ireland Limited (Google LLC group) to the provider transfer mapping. Y.O.D.O. has adopted Google Workspace Business Starter for inbound business email at info@yodo.ltd and for operational document storage in Google Drive.
- Clarified that the existing Google LLC Identity Provider entry is a separate processing relationship from the Google Workspace processor entry added in v2.3.0.
- The 30-day advance notice required by §5 of our Sub-processors List was issued to active Account Holders on 28 May 2026; the change takes effect on 28 June 2026.
Version 2.1.0 · 15 May 2026
- EU Representative under Article 27 EU GDPR appointed: Christina-Eloiza Kouraki (Athens, Greece). EU/EEA queries now route to the appointed representative.
- Partner referral parameters: 6 months changed to 3 months (aligned to Terms Schedule F).
Version 1.9.0 · 14 May 2026
- Added Google LLC and LinkedIn Corporation to the provider transfer mapping as Identity Providers.
- Twilio row expanded to Twilio Ireland Limited; clarified UK adequacy for the EEA leg.
Y.O.D.O. is established in the United Kingdom and actively offers the Service across the United Kingdom and the European Economic Area (EEA). We allow sign-ups from outside the UK and EEA, and we use service providers that may process data internationally. We do not accept sign-ups from countries or persons where the supply of our Service is prohibited by applicable sanctions, export controls, or other laws that bind us.
Safeguards we use
Where we transfer personal data outside the UK (and where applicable outside the EEA), we use appropriate safeguards. Depending on the circumstances, these safeguards may include:
- The UK International Data Transfer Agreement (UK IDTA)
- The UK Addendum to the EU Standard Contractual Clauses (SCCs)
- Adequacy regulations (for example, transfers to EEA countries are covered by the UK's adequacy regulations recognising EEA states as providing adequate protection)
- Additional technical and organisational measures
Provider transfer mapping
The table below summarises the primary processing locations and safeguards for our main providers. For full details of each provider's role and the data involved, see our Sub-processors List.
| Provider | Primary processing location | Transfer safeguard |
|---|---|---|
| Amazon Web Services (AWS) | US / EU | UK IDTA / SCCs |
| Cloudflare | Global (anycast network) | UK IDTA / SCCs |
| Render | US | UK IDTA / SCCs |
| Crunchy Data | US | UK IDTA / SCCs |
| Stripe | US | UK IDTA / SCCs |
| Twilio (Twilio Ireland Limited) | EU (Ireland), may transit US | UK adequacy regulations for the EEA leg; UK IDTA / EU SCCs for any US-leg processing |
| Resend | US | UK IDTA / SCCs |
| Persona | US | UK IDTA / SCCs |
| Google Ireland Limited (Google LLC group), Google Workspace | EEA primary (Dublin, Ireland); US for support routing where applicable | UK adequacy regulations for the EEA leg; UK IDTA / EU SCCs for any US-leg processing (incorporated by reference in the Google Workspace Data Processing Amendment and Model Contract Clauses) |
| Google LLC (Identity Provider, Account Holder Google sign-in) | US | UK IDTA + EU SCCs. This is a separate processing relationship from the Google Workspace processor entry added in v2.3.0. |
| LinkedIn Corporation (Identity Provider, Account Holder LinkedIn sign-in) | US | UK IDTA + EU SCCs |
| Cookiebot (Cybot A/S) | EU (Denmark) | Intra-EEA transfer; covered by UK adequacy regulations recognising the EEA. No UK IDTA/SCCs required for UK→EEA flows under current UK regulations. |
| Google Analytics (optional) | US | UK IDTA / SCCs (consent-based only) |
| ScoutAPM | US | UK IDTA / SCCs |
| Honeybadger | EU region; US parent | UK adequacy regulations for the EEA leg; UK IDTA / EU SCCs for any US-leg processing |
| Better Stack | EU (data stored in EU regions) | UK adequacy regulations for the EEA; no UK IDTA / SCCs required for UK to EEA flows |
| GitHub | US | UK IDTA / SCCs |
Additional sub-processors (effective 28 June 2026)
Google Ireland Limited (Dublin, Ireland; Google LLC group), Google Workspace. Purpose: business email (info@yodo.ltd inbound) and operational document storage on Google Drive. EEA contracting entity: Google Ireland Limited. Some processing transits US infrastructure (Google LLC) for support, routing and certain back-end services. Mechanism: UK adequacy regulations for the EEA leg; UK IDTA + EU SCCs for any US-leg processing, incorporated by reference in Google's Workspace Data Processing Amendment and Model Contract Clauses (executed via the Google admin console as part of subscription setup).
UK adequacy status
The UK currently benefits from an adequacy decision by the European Commission, meaning personal data can flow from the EEA to the UK without additional safeguards. We monitor the status of this decision. If it changes, we will update our transfer mechanisms accordingly.
Partner referral parameters
When someone arrives through a Partner link, the tracking tags and Partner code we use for the 15% Partner discount are handled inside the same UK, EU and US systems listed above (mainly AWS, Cloudflare, Render and Crunchy Data) and protected by the same UK IDTA and SCC safeguards. The Partner programme does not send your data to any new country or company. See Schedule F of our Terms and Cookies Policy §6 for how long we keep this data and the 3-month window to use the discount.
We do not guarantee that international laws provide the same level of protection as UK law, but we take steps to protect personal data and to limit transfers to what is necessary to operate the Service.
More information
For more information about our providers, see our Sub-processors list and our Privacy Policy.
Questions?
If you have questions about international data transfers, contact:
For data protection queries including international transfers, you may mark your email for the attention of the Data Protection Lead.