GDPR subprocessors

&frankly utilizes the following sub-processors in its delivery of its services

Amazon Web Services Europe

https://aws.amazon.com

Provisioning and operations of server and infrastructure services (PaaS) 

Data handled: All data handled in the service

Location of processing: EU/ESS (Frankfurt data centers)

ChurnZero Inc

https://churnzero.net

Customer journey analysis and user notifications/email during service usage. 

Data handled: Name, email and user activity in &frankly (no response data)

Location of processing: EU/ESS (Ireland datacenters). Allowed support personell may access activity data from the US. In addition to a signed DPA, this processing is covered by US Privacy Shield or Model contractual clauses.

Twilio SendGrid

 https://sendgrid.com/

Transactional emails 

Data handled: Email address and email activity (receipts, read events)

Location of processing: US. In addition to a signed DPA, this processing is covered by US Privacy Shield or Model contractual clauses.

 

Cloudflare Inc

https://www.cloudflare.com/

Infrastructure provider (IaaS) providing CDN, WAF, Network acceleration

Data handled: IP-adress & traffic logs

Location of processing: Worldwide (ip-addresses may be logged on servers globally)

ZenDesk

https://www.zendesk.com/

Support services, providing SaaS tool for support ticket handling 

Data handled: Name, email, support ticket details

Location of processing: US. In addition to a signed DPA, this processing is covered by US Privacy Shield or Model contractual clauses.

HubSpot

https://www.hubspot.com/

Marketing & leads handling

Data handled: Name, email, marketing website activity (only for users who opt in for such on our marketing web, not all users)

Location for processing: US. In addition to a signed DPA, this processing is covered by US Privacy Shield or Model contractual clauses.

 

Google Analytics

https://www.google.com/

Traffic analytics and Maps

Data handled: Email Ip-adress & website activity

Location of processing: Worldwide (distributed in EU/ESS and USA)

GetAccept

https://www.getaccept.com/

Legal agreements 

Data handled: Digitally signed agreements 

Location of processing:US. In addition to a signed DPA, this processing is covered by US Privacy Shield or Model contractual clauses.

OneSignal

https://onesignal.com/

Infrastructure provider providing push notification delivery

Data handled: Device identifiers and basic device data for app users, connected to the users &frankly pseudonymous id (no direct personally identifiable information such as name, email etc.)

Location of processing: US. In addition to a signed DPA, this processing is covered by US Privacy Shield or Model contractual clauses.

AppCues

https://www.appcues.com/

Software provider (SaaS), providing product guidance and help overlays in our application.

Data handled: IP-address, &frankly pseudonymous id, user role and name for personalization of tooltips & guides.

Location of processing: US. In addition to a signed DPA, this processing is covered by US Privacy Shield or Model contractual clauses.

Sentry

https://sentry.io/

Software provider (SaaS) providing logging for errors occurring in our application for troubleshooting & quality improvements.

Data handled: IP-address, &frankly pseudonymous id, basic user agent details

Location of processing: US. In addition to a signed DPA, this processing is covered by US Privacy Shield or Model contractual clauses.