Last update : May 2025
This documentation describes the environment of Implicity's subcontractors: some of these subcontractors are hosted on Implicity's own infrastructure, while others are fully or partially hosted on third-party infrastructures.
Please note that the health data of European patients is stored within the European Union, and that the health data of US patients is stored in the United States.
In the event that the certified activity does not benefit from a SecNumCloud qualification (version 3.2) and does not involve any transfer of personal health data to a country outside the European Economic Area, the Host must communicate the following information: 'No transfer of personal health data to a country outside the European Economic Area
| Service provided | Sub-processors | Purpose of processing and data | Location of sub-processors | Further Security Information |
| Implicity Platform Hosting Service | AWS | Certified health data host hosting the platform, Patient Data, and User Data. | European Union (Paris, France) USA (for United States data) | Certified ISO 27001 and "Hébergeur de données de santé" (HDS) |
| Data Hosting Service | OVH | Backup hosting service and key outsourcing | 2 rue Kellermann, 59100 Roubaix, RCS de Lille Métropole 424 761 419 00045 | Certified ISO 27001 and "Hébergeur de données de santé" (HDS) |
| Data Hosting Service | Google Cloud Platform | Certified health data host hosting the Implicity mobile application, Patient Data, and User Data. | European Union United States (HIPAA) | Certified ISO 27001 and "Hébergeur de données de santé" (HDS) |
| Cloud Hosting and Database | Mongo DB | Database management solution processing Patient and User Data. | European Union United States (for US data) | ISO 27001 certified and uses an ISO 27001 and "Hébergeur de données de santé" (HDS) certified hosting service Standard Contractual Clauses EU |
| User Support via Messaging | CRISP IM SARL | Messaging support service, processing User Data (email, name, and phone number) | European Union | |
| SMS Sending Tool | SMS MODE | SMS service provider | European Union | ISO 27001 and 27701 certified |
| Plivo | SMS service provider | European Union United States (HIPAA) | SOC 2 Type 2 certified | |
| User Analytics Tool | Amplitude | Analytics service provider processing User Data | United States | Certifié ISO 27001 SOC 2 type 1 EU standard contractual clause |
| Transfer of Documents and Data | Google Drive | Tool for securely sending sensitive data and documents, for processing User and Patient Data | European Union United States (HIPAA) | ISO 27001 and "Hébergeur de données de santé" (HDS) certified |
| Virtru | Encrypted e-mail solution | United States | SOC Type 2 certified | |
| Monitoring, Management, and Analysis of Data Generated by the IS | Datadog | Data security analysis tool for data generated by the information system, which may process User Data (IP address) | European Union (for European data) United States | ISO 27001 certified EU Standard Contractual Clause |
| Bug, Incident, and User Feedback Monitoring | Jira | Development and bug tracking system that may process User Data | United States European Union | ISO 27001 certified EU Standard Contractual Clause |
| Gitlab | Code management system that may process User Data | United States | Soc 2 type 2 and Soc 3 type 2 certified EU Standard Contractual Clause | |
| Zendesk | System for tracking user feedback, processing User Data (names and emails) | United States | ISO 27001 certified EU Standard Contractual Clause | |
| Zapier | Tool allowing information flow from one system to another (in particular, the flow of Client and User names from Crisp to Zendesk) | United States | EU Standard Contractual Clause | |
| Customer Relationship Management | Salesforce | Customer relationship management system and Client and User Data | United States | ISO 27001 certified EU Standard Contractual Clause |
| Information Management Tool | Notion | Can host Client/User/supplier/consultant data | United States | Soc 2 Type 1 EU Standard Contractual Clause |
| Payment Services | Stripe | Processing of Client and User Data for payments | United States and other regions | EU Standard Contractual Clause |
| Technical Problem Resolution | Noveo | Development and resolution of technical problems, restricted access to personal data. | European Union (France) | |
| Invoicing | Pulse Santé | Software for managing the invoicing of remote monitoring activities. | European Union (France) | |
| Application Distribution | Google Play Store | Distribution of the Android Implicity application | European Union United States | |
| Apple Store | Distribution of the iOS Implicity application | European Union United States | ||
For remote monitoring of heart failure (service only available in France) | ||||
| Nursing Service | Nurses | Nursing service for the management of alerts and/or assistance to patients with heart failure (at the Client's discretion) | European Union (France) | Implicity uses state-certified nurses to provide this service |
| Aircall | Call service used by nurses for alert management | European Union (Germany) | Uses an ISO 27001 certified and "Hébergeur de données de santé" (HDS) certified hosting service | |
| Provider of Individual Connected Devices | Withings | Provider of connected scales, processing patient data | European Union (France) | ISO 27001 and "Hébergeur de données de santé" (HDS) certified |
| For participation in health studies | ||||
| eCRF Provider for Clinical Trials | OpenClinica | Platform providing and managing eCRFs for clinical trials, processing patient data | European Union (Frankfort, Germany) | Uses an ISO 27001 certified and "Hébergeur de données de santé" (HDS) certified hosting service |