GDPR subprocessors

&frankly utilizes the following sub-processors in its delivery of its services

Amazon Web Services Europe

https://aws.amazon.com

Provisioning and operations of server and infrastructure services (PaaS) 

Data handled: All data handled in the service

Location of processing: EU/ESS (Frankfurt data centers). Processing is covered
by DPA including Model/Standard Contractual Clauses (SCC).

Delighted, LLC

https://delighted.com/

Performs customer satisfaction measurements (Net Promotor Score)

Data handled: Name, email, basic account details only for randomly selected administrators in our customer accounts, unless customer has opted out of measurements.

Location of processing: US. Processing is covered by DPA including Model/Standard Contractual Clauses (SCC).

Twilio SendGrid

 https://sendgrid.com/

Transactional emails 

Data handled: Email address and email activity (receipts, read events), phone numbers (if provided on specific users)

Location of processing: US. Processing is covered by DPA including Model/Standard Contractual Clauses (SCC).

 

Cloudflare Inc

https://www.cloudflare.com/

Infrastructure provider (IaaS) providing CDN, WAF, Network acceleration

Data handled: IP-address & traffic logs

Location of processing: Worldwide (ip-addresses may be logged on servers globally). Processing is covered by DPA including Model/Standard Contractual Clauses (SCC).

ZenDesk

https://www.zendesk.com/

Support services, providing SaaS tool for support ticket handling 

Data handled: Name, email, support ticket details

Location of processing: US. Processing is covered by DPA including Model/Standard Contractual Clauses (SCC).

HubSpot

https://www.hubspot.com/

Marketing & leads handling

Data handled: Name, email, account activity data, marketing website activity

Location for processing: US. Processing is covered by DPA including Model/Standard Contractual Clauses (SCC).

 

Google Analytics

https://www.google.com/

Traffic analytics and Maps

Data handled: Ip-adress & website activity

Location of processing: Worldwide (distributed in EU/ESS and USA)

GetAccept

https://www.getaccept.com/

Legal agreements 

Data handled: Digitally signed agreements with personal data in them, limited to personal data within agreements.

Location of processing:US. Processing is covered by DPA including Model/Standard Contractual Clauses (SCC)

OneSignal

https://onesignal.com/

Infrastructure provider providing push notification delivery

Data handled: Device identifiers and basic device data for app users, connected to the users &frankly pseudonymous id (no direct personally identifiable information such as name, email etc.)

Location of processing: US. Processing is covered by DPA including Model/Standard Contractual Clauses (SCC)

Sentry

https://sentry.io/

Software provider (SaaS) providing logging for errors occurring in our application for troubleshooting & quality improvements.

Data handled: IP-address, &frankly pseudonymous id, basic user agent details

Location of processing: US. Processing is covered by DPA including Model/Standard Contractual Clauses (SCC)