GDPR Blog: Third Party Services


When building modern web applications, it can be daunting to do it alone. We take all of the help we can get!

Handling payments, sending automated emails, and creating the infrastructure to serve a worldwide audience is hard, so we have worked with a handful of trusted third-party services to help power our platform.

We wanted to share some of our favorite services. We hope this will illuminate what Personally Identifiable Information or PII (digital information about you) is shared and why. If you want to read more about our data practices and the other services we use, check out this longer explanation of how we handle data security.



DigitalOcean is a leading cloud computing platform that we use to host our application and database servers. They help us support learners around the world with reliability and fast load times.

Though DigitalOcean hosts our databases that contain Personally Identifiable Information from the platform, we take several measures to keep the data secure, including end-to-end encryption and private networking.

DigitalOcean has taken steps to comply with GDPR that you can read about here.



We get a lot of questions about how we handle credit card payments securely. We never store credit card information or any other information that can be used to create payments. Instead, we utilize Stripe — one of the leading credit card processors for small businesses globally.

When we let Stripe take care of your payments, we offload all of the sensitive data to them, including your real name, email address, and credit card number. Stripe has their own rigorous standards to ensure that they handle your payment data securely. They have also been a leader in documenting best practices for GDPR.



Postmark helps us send automated emails like password resets, weekly course summaries, and @mentions from the platform. They’re run by an awesome company called Wildbit that, like us, has never taken investment.

When they send you an email, we make sure they have as little Personally Identifiable Information as possible — they usually only have your name and email address.

You may be interested in this awesome resource Postmark created for smaller companies getting ready for GDPR.


Working with trusted partners focused on user security is a must for us here at TechChange. What third party services does your organization work with?


Image pictured here from

Also on TechChange Main

Aviro featured image
TechChange Alumnus Launches mHealth App to Correctly Prescribe Antiretrovirals for HIV

Treating HIV with antriretroviral treatment (ARV) medication can be very challenging, given how complicated it can be to dispense these...

Fellow Spotlight: Emma Demers

Emma Demers joined the TechChange team as a Summer Education Fellow! Emma graduated from Brown University and recently completed a...

3 Things You Missed at Our Website Launch Party

TechChange has come a long way since we built our first site in 2010. Five years and 400,000 lines of...