PlaybookUX Data Subprocessors

Last Updated: October 2022

In order to better serve our clients, we use data subprocessors. This page provides a breakdown of all subprocessors. We have signed DPA (data processing addendums) with all of our subprocessors.

 

Atlassian (Sydney, Australia)

https://www.atlassian.com/trust/security

Certifications: ISO27001, SOC2 Type 2

Reason: Feature requirements, bug tracking

Data processed: Employee name, Employee email address

DPA: Signed as a part of the Terms.

 

Amazon Web Services (Washington, USA)

https://aws.amazon.com/security/

Certifications: ISO27001, SOC3, Privacy Shield

Reason: Data storage, backups, SSL, DNS for clients.

Data processed: Anonymized data.

DPA: Signed as a part of the Terms.

 

Google Cloud Services (California, USA)

https://cloud.google.com/security/

Certifications: ISO27001, SOC3, Privacy Shield

Reason: Data storage, backups, SSL, DNS, Transcription for clients.

Data processed: Anonymized data, video files for speech-to-text.

DPA: Signed as a part of the Terms.

 

Github (California, USA)

https://github.com/security

Certifications: ISO27001, SOC2 Type 2

Reason: Code repository 

Data processed: Staging, testing and production code

DPA: Signed as a part of the Terms.

 

 

Stripe (California, USA)

https://stripe.com/privacy-center/legal 

Certifications: PCI

Reason: Payment processing for pay as you go and subscriptions.

Data processed: Billing name, contact email, company name, card metadata.

DPA: Signed November 19th, 2020

 

SecureFrame (California, USA)

Certifications: SOC2 Type 2

Reason: SOC2 & ISO compliance

Data processed: Name, company, email address

DPA: Signed as a part of the Terms.

 

Sentry (Wisconsin, United States)

https://sentry.io/security/

Certifications: Privacy Shield

Reason: error logging

Data processed: IP address, project details, browser information, device

DPA: Signed November 19th, 2020

 

Hubspot Inc (Massachussetts , United States)

https://www.hubspot.com/

Certifications: ISO27001, SOC2 Type 2

Reason: Sales engagement

Data processed: Email, phone number, company name & public company information

DPA: Signed as a part of the Terms.

 

Slack (California, United States)

https://slack.com/trust/security

Certifications: SOC2 Type II, ISO/IEC 27001, ISO/IEC 27701

Reason: Internal communication

DPA: Signed as a part of the Terms.

 

Session Stack (Bulgaria, EU)

https://docs.sessionstack.com/docs/security-and-compliance-overview

Certifications: SOC2, SOC3, ISO 27001

Reason: Troubleshooting and bug handling

Data processed: name, email, IP address, project attributes

DPA: Signed as a part of the Terms.

 

Intercom (California, United States)

https://www.intercom.com/security

Certifications: SOC2 Type 2, Privacy Shield

Reason: Customer support

Data processed: IP address, browser information, device, email, name

DPA: Signed as a part of the Terms.

 

Upwork (California, United States)

https://www.upwork.com/

Certifications: SOC2 Type 2, ISO27001

Reason: Internal time tracking

Data processed: IP address, browser information, device, email, name

DPA: Signed as a part of the Terms.

 

Tremendous (New York, United States)

https://www.tremendous.com/

Reason: Gift card distribution

Data processed: Email, name

DPA: Signed as a part of the Terms.

 

Airtable (California, United States)

https://airtable.com/

Certifications: SOC2 Type 2, ISO 27001

Reason: Project management

Data processed: Customer name, project information

DPA: Signed as a part of the Terms.

 

ZoomInfo (Washington, United States)

https://www.zoominfo.com/

Certifications: SOC2 Type 1, GDPR Compliant, CCPA Compliant

Reason: Sales prospecting

Data processed: Customer sales information (email and name)

DPA: Signed as a part of the Terms.

 

 

Pathfix (Delaware, United States)

https://pathfix.com/security/

Reason: Manage integrations

Data processed: Name, email

DPA: Signed as a part of the Terms.

 

Sendinblue (France)

https://www.sendinblue.com/legal/privacypolicy/

Certifications: ISO 27001

Reason: Marketing communications

Data processed: Name, email, company name

DPA: Signed as a part of the Terms.

 

PayPal Inc (Delaware, United States)

https://www.paypal.com/us/security/

Certifications: SOC2 Type 2, ISO27001

Reason: Participant payments

Data processed: Name, email, paypal address

DPA: Signed as a part of the Terms.

 

 

Notion Labs Inc (California, United States)

https://www.notion.so/security

Certifications: SOC2 Type 2

Reason: Internal project management

Data processed: Name, email, internal project details

DPA: Signed as a part of the Terms.

 

 

Rev (Texas, United States)

https://www.rev.com/

Certifications: SOC2 Type 2

Reason: Audio transcription

Data processed: Video files for speech-to-text.

DPA: Signed as a part of the Terms.

 

 

 

WorkOS (California, United States)

https://workos.com/security

Certifications: SOC2 Type 2

Reason: Log ins

Data processed: company name, email address

DPA: Signed as a part of the Terms.

 

ZenPayroll, Inc (California, United States)

https://gusto.com/security

Certifications: SOC2 Type 2

Reason: Employee payroll

Data processed: Employee name, DOB, bank details and employment information

DPA: Signed as a part of the Terms.

Zoom (California, United States)

https://explore.zoom.us/docs/ent/privacy-and-security.html

Certifications: SOC2 Type 2

Reason: Video conferencing, live conversations

Data processed: full name

DPA: Signed as a part of the Terms.