GDPR says that we ought to tell you what we do with Personal Data. It also says that we ought to use human-friendly language.
This is a listing of 3rd parties that FirstOfficer uses and who could, even in principle, have some kind of way to see Personal Data.
The reason why this listing is not in the Data Processing Agreement (DPA) itself is that the DPA is supposed to be "in writing", a real signed document. That's why we listed only the core sub-processors there. We don't want to bother you with full signatures every time we change a bug tracker app or accounting service.
Here's how it works: We will email you 10 days before we add any new sub-processors or ancillary services. That way you have time to cancel/complain if you don't approve the new services. You can find the explanation of this process in DPA clause 9.3.
Please note that as you use FirstOfficer.io, we also collect Personal Data from you and that's outside of the DPA. The services that FirstOfficer uses when it handles your own Personal Data are listed in group 3. and further. We don't email you when those change, we just make sure everyone is GDPR compliant and that we have a legal DPA at place.
DISCLAIMER This list is still under work until 25th May, 2018. During that time we don't send any email notifications about the changes.