Subprocessors

Last updated: 29/06/2026

Caterlytix uses trusted third-party providers to support the delivery, operation, security, and maintenance of Trac.

This page provides information about the third-party subprocessors and service providers used by Caterlytix Ltd in connection with the Trac platform.

Trac is a secure cloud-based integration and interoperability platform that enables the controlled exchange, validation, transformation, and synchronisation of operational data between authorised systems.

This page should be read alongside our:

- Privacy Notice
- Data Processing Addendum
- Security Overview
- Integration Partner Terms
- API Terms

1. What is a Sub-processor?

A subprocessor is a third-party organisation engaged by Caterlytix to process personal data on behalf of Caterlytix where Caterlytix is acting as a processor or subprocessor.

Not every third-party system connected to Trac is a subprocessor of Caterlytix. Some third-party systems are independent controllers, processors appointed directly by the customer, or integration partners operating under their own contractual relationship with the relevant school, trust, caterer, or organisation.

2. Scope of this page

The subprocessors and system service providers listed below may process personal data where required to provide, operate, support, secure, monitor, maintain, or improve the Trac platform and associated integration services.

Trac supports a broad range of integration capabilities through its API and connected services. Depending on the configuration of the relevant integration, the platform may process data relating to organisations, users, pupils, staff, contacts, entitlements, dietary information, transactions, payments, products, orders, finance, reporting, audit activity, technical events, and other operational data made available through the Trac API.

The specific scope of personal data processed for any customer, integration partner, or connected system will be limited to the agreed purpose and shall be documented in the applicable Data Processing Addendum, Integration Specification, Schedule of Works, customer agreement, or other relevant contractual documentation.

Not every Trac integration uses every data category or API endpoint. Data access is configured according to the authorised integration scope, customer instructions, technical requirements, and applicable third-party system permissions.

The categories of personal data processed may include, where applicable and authorised:

- organisation, school, trust, site, and catering location data
- pupil, staff, user, customer, parent, guardian, and authorised contact information
- relationship, parental responsibility, priority contact, and communication details
- year, registration, class, house, group, and other organisational structure data
- Targeted Free School Meals eligibility and Extended Free School Meals eligibility
- dietary preferences, allergens, and other catering-related requirements, where authorised
- meal ordering, menu, product, service, and fulfilment data
- point of sale, online payment, balance, transaction, and reconciliation data, where expressly within scope
- finance, billing, reporting, and operational management data
- administrator, staff, support, and business contact details
- API logs, audit logs, error logs, diagnostic logs, synchronisation records, authentication identifiers, and system event logs

Payment card information and banking information are not processed as part of the standard MIS integration unless expressly documented within the applicable Data Processing Addendum, Integration Specification, Schedule of Works, or other agreed contractual documentation.

3. Current Trac subprocessors and system service providers

Subprocessor / service provider Scope and purpose of processing Categories of personal data Processing and storage locations Transfer of or access to personal data by third parties Legal basis / transfer mechanism
Amazon Web Services (AWS) Cloud hosting, infrastructure, storage, compute, networking, backups, security, and platform availability for Trac. Customer personal data processed through Trac, including MIS integration data, authorised contact data, entitlement data, dietary data where authorised, staff or administrator user data, API logs, audit logs, and technical metadata. UK and/or EEA cloud regions as configured by Caterlytix. Limited support or administrative access may occur from other approved locations where necessary and subject to appropriate safeguards. AWS group companies and approved AWS subprocessors may support delivery of infrastructure services. Data Processing Agreement with AWS. UK GDPR Article 28 processor terms. Appropriate transfer safeguards, including Standard Contractual Clauses and/or UK Addendum where applicable.
Datadog, Inc. Platform monitoring, infrastructure monitoring, application performance monitoring, alerting, logging, and operational diagnostics. Technical and operational data, including system logs, API metadata, performance data, incident data, limited user identifiers, and diagnostic information. Customer personal data is not intentionally submitted to Datadog unless present within logs or error metadata. UK, EEA, US, and/or other approved locations depending on service configuration. Datadog group companies and approved subprocessors may provide hosting, monitoring, and support services. Data Processing Agreement with Datadog. Appropriate transfer safeguards, including Standard Contractual Clauses and/or UK Addendum where applicable.
Sentry.io / Functional Software, Inc. Error monitoring, exception reporting, application diagnostics, and issue tracking for the Trac platform. Error logs, diagnostic data, technical metadata, user or session identifiers, API activity information, and limited personal data where included in error events. Caterlytix applies controls designed to minimise personal data in error logs. UK, EEA, US, and/or other approved locations depending on service configuration. Sentry group companies and approved subprocessors may provide hosting, monitoring, and support services. Data Processing Agreement with Sentry. Appropriate transfer safeguards, including Standard Contractual Clauses and/or UK Addendum where applicable.
Xporter / Community Brands MIS data access and integration services where Xporter is used to support authorised MIS connectivity for Trac integrations. MIS integration data, which may include pupil identity data, school and organisational data, class, year and registration data, authorised contact and relationship information, Targeted Free School Meals eligibility, Extended Free School Meals eligibility, and dietary information where authorised. Primarily UK and/or EEA locations, subject to the Xporter service configuration and applicable customer authorisation. Xporter / Community Brands group companies and approved subprocessors may support delivery of the service. Customer authorisation and applicable processor terms. Data Processing Agreement or equivalent contractual protections. Appropriate transfer safeguards where applicable.
Intercom R&D Unlimited Company Customer support, helpdesk, live chat, support communications, knowledge base functionality, and customer service management. Business contact details, staff or administrator user details, support communications, technical metadata, and any information voluntarily submitted by users in support conversations. Customers and users should not submit unnecessary pupil or sensitive data through support channels. UK, EEA, US, and/or other approved locations depending on service configuration. Intercom group companies and approved subprocessors may support delivery of customer support services. Data Processing Agreement with Intercom. Appropriate transfer safeguards, including Standard Contractual Clauses and/or UK Addendum where applicable.
Google LLC / Google Workspace Business productivity, email, document management, calendar, file storage, collaboration, and administrative communications relating to Trac. Business contact details, staff or administrator user details, contractual communications, support documentation, operational documents, and limited customer data where shared for support, implementation, or contract management purposes. UK, EEA, US, and/or other approved locations depending on service configuration. Google group companies and approved subprocessors may support delivery of workspace, cloud, and productivity services. Data Processing Agreement with Google. Appropriate transfer safeguards, including Standard Contractual Clauses and/or UK Addendum where applicable.
Isotoma Limited DevOps, infrastructure support, technical consultancy, deployment support, platform maintenance, and operational engineering assistance for Trac. Technical data, system configuration data, deployment metadata, support information, and limited customer personal data where access is necessary for troubleshooting, maintenance, security, or operational support. United Kingdom, unless otherwise agreed or required for service delivery. Isotoma personnel and approved subcontractors may access data only where required to provide agreed services. Data Processing Agreement or equivalent contractual terms with Isotoma Limited. UK GDPR Article 28 processor terms.
Other approved professional and technical service providers Specialist support, security review, infrastructure consultancy, implementation assistance, legal, audit, or compliance support where required. Limited personal data strictly necessary for the relevant service. UK, EEA, or other approved locations depending on the provider and nature of the service. Access is limited to approved providers subject to confidentiality and data protection obligations. Appropriate contractual safeguards, including processor terms and transfer mechanisms where applicable.

4. Integration partners and connected systems

Trac may integrate with third-party systems such as MIS platforms, EPOS systems, payment systems, finance platforms, catering systems, kitchen management systems, and reporting tools.

These connected systems may include organisations listed on the Caterlytix partners page.

Integration partners and connected systems are not automatically subprocessors of Caterlytix. Their role will depend on the applicable data flow and contractual relationship. They may act as:

independent controllers
processors appointed directly by the customer
subprocessors appointed by a customer’s processor
integration partners operating under their own agreement with the customer
subprocessors of Caterlytix, where expressly appointed by Caterlytix to process personal data on its behalf

Where a connected system processes personal data under the control or instruction of a school, trust, caterer, or other customer, the customer remains responsible for ensuring that the appropriate lawful basis, authorisation, and contractual arrangements are in place.

5. Customer-authorised integrations

Certain integrations are enabled only where authorised by the relevant customer or data controller.

Depending on the integration, data may be exchanged with systems such as:

- Management Information Systems
- EPOS systems
- online payment systems
- finance systems
- catering management platforms
- meal ordering platforms
- data platforms and reporting tools

The scope of data shared through each integration is limited to the agreed purpose and the data fields required to deliver the relevant service.

6. International transfers

Where personal data is transferred outside the United Kingdom or European Economic Area, Caterlytix will ensure that appropriate safeguards are in place. These may include:

- an adequacy decision
- Standard Contractual Clauses
- the UK International Data Transfer Addendum
- the UK International Data Transfer Agreement
- equivalent contractual protections required by applicable data protection law

7. Security and confidentiality

Caterlytix requires subprocessors to implement appropriate technical and organisational measures to protect personal data.

These measures may include, where appropriate:

- encryption in transit
- encryption at rest
- access controls
- least privilege access
- logging and monitoring
- secure credential management
- confidentiality obligations
- incident response procedures
- vulnerability management
- backup and resilience controls

8. Changes to subprocessors

Caterlytix may update this page from time to time as its platform, infrastructure, systems, and services develop.

Where required under an applicable Data Processing Agreement, Caterlytix will provide notice of material changes to subprocessors and give customers or integration partners the opportunity to object in accordance with the relevant agreement

9. Contact

Questions about Caterlytix subprocessors can be directed to:

Caterlytix Ltd
Spaceworks
Benton Park Road
Newcastle upon Tyne
England
NE7 7LX

Email: dpo@caterlytix.com