PlaybookUX Data Subprocessors
Last Updated: June 2024
In order to better serve our clients, we use data subprocessors. This page provides a breakdown of all subprocessors. We have signed DPA (data processing addendums) with all of our subprocessors.
Atlassian (Sydney, Australia)
https://www.atlassian.com/trust/security
Certifications: ISO27001, SOC2 Type 2
Reason: Feature requirements, bug tracking
Data processed: Employee name, Employee email address
DPA: Signed as a part of the Terms.
Amazon Web Services (Washington, USA)
https://aws.amazon.com/security/
Certifications: ISO27001, SOC3, Privacy Shield
Reason: Data storage, backups, SSL, DNS for clients.
Data processed: Anonymized data.
DPA: Signed as a part of the Terms.
Bitdefender (California, USA)
https://www.bitdefender.com/en-us/
Certifications: ISO27001, SOC2
Reason: Threat prevention and detection.
Data processed: Anonymized data.
DPA: Signed as a part of the Terms.
Cloudflare (California, USA)
https://www.cloudflare.com/
Certifications: ISO27001, SOC2
Reason: Cybersecurity.
Data processed: Anonymized data.
DPA: Signed as a part of the Terms.
DataDog (New York, USA)
https://www.datadoghq.com/security/
Certifications: ISO27001, SOC2
Reason: Infrastructure metrics & monitoring. Application logging.
Data processed: Anonymized data.
DPA: Signed as a part of the Terms.
Google Cloud Services (California, USA)
https://cloud.google.com/security/
Certifications: ISO27001, SOC3, Privacy Shield
Reason: Data storage, backups, SSL, DNS, Transcription for clients.
Data processed: Anonymized data, video files for speech-to-text.
DPA: Signed as a part of the Terms.
Github (California, USA)
Certifications: ISO27001, SOC2 Type 2
Reason: Code repository
Data processed: Staging, testing and production code
DPA: Signed as a part of the Terms.
Stripe (California, USA)
https://stripe.com/privacy-center/legal
Certifications: PCI
Reason: Payment processing for pay as you go and subscriptions.
Data processed: Billing name, contact email, company name, card metadata.
DPA: Signed November 19th, 2020
Sprinto (California, USA)
Certifications: SOC2 Type 2
Reason: SOC2 & ISO compliance
Data processed: Name, company, email address
DPA: Signed as a part of the Terms.
Sentry (Wisconsin, United States)
Certifications: Privacy Shield
Reason: error logging
Data processed: IP address, project details, browser information, device
DPA: Signed November 19th, 2020
Hubspot Inc (Massachussetts , United States)
Certifications: ISO27001, SOC2 Type 2
Reason: Sales engagement
Data processed: Email, phone number, company name & public company information
DPA: Signed as a part of the Terms.
Slack (California, United States)
https://slack.com/trust/security
Certifications: SOC2 Type II, ISO/IEC 27001, ISO/IEC 27701
Reason: Internal communication
DPA: Signed as a part of the Terms.
Session Stack (Bulgaria, EU)
https://docs.sessionstack.com/docs/security-and-compliance-overview
Certifications: SOC2, SOC3, ISO 27001
Reason: Troubleshooting and bug handling
Data processed: name, email, IP address, project attributes
DPA: Signed as a part of the Terms.
Intercom (California, United States)
https://www.intercom.com/security
Certifications: SOC2 Type 2, Privacy Shield
Reason: Customer support
Data processed: IP address, browser information, device, email, name
DPA: Signed as a part of the Terms.
Upwork (California, United States)
Certifications: SOC2 Type 2, ISO27001
Reason: Internal time tracking
Data processed: IP address, browser information, device, email, name
DPA: Signed as a part of the Terms.
Tremendous (New York, United States)
https://www.tremendous.com/
Reason: Gift card distribution
Data processed: Email, name
DPA: Signed as a part of the Terms.
Airtable (California, United States)
Certifications: SOC2 Type 2, ISO 27001
Reason: Project management
Data processed: Customer name, project information
DPA: Signed as a part of the Terms.
ZoomInfo (Washington, United States)
https://www.zoominfo.com/
Certifications: SOC2 Type 1, GDPR Compliant, CCPA Compliant
Reason: Sales prospecting
Data processed: Customer sales information (email and name)
DPA: Signed as a part of the Terms.
Pathfix (Delaware, United States)
Reason: Manage integrations
Data processed: Name, email
DPA: Signed as a part of the Terms.
Brevo (France)
https://www.sendinblue.com/legal/privacypolicy/
Certifications: ISO 27001
Reason: Marketing communications
Data processed: Name, email, company name
DPA: Signed as a part of the Terms.
PayPal Inc (Delaware, United States)
https://www.paypal.com/us/security/
Certifications: SOC2 Type 2, ISO27001
Reason: Participant payments
Data processed: Name, email, paypal address
DPA: Signed as a part of the Terms.
Notion Labs Inc (California, United States)
https://www.notion.so/security
Certifications: SOC2 Type 2
Reason: Internal project management
Data processed: Name, email, internal project details
DPA: Signed as a part of the Terms.
Rev (Texas, United States)
Certifications: SOC2 Type 2
Reason: Audio transcription
Data processed: Video files for speech-to-text.
DPA: Signed as a part of the Terms.
WorkOS (California, United States)
Certifications: SOC2 Type 2
Reason: Log ins
Data processed: company name, email address
DPA: Signed as a part of the Terms.
ZenPayroll, Inc (California, United States)
https://gusto.com/security
Certifications: SOC2 Type 2
Reason: Employee payroll
Data processed: Employee name, DOB, bank details and employment information
DPA: Signed as a part of the Terms.
Zoom (California, United States)
https://explore.zoom.us/docs/ent/privacy-and-security.html
Certifications: SOC2 Type 2
Reason: Video conferencing, live conversations
Data processed: full name
DPA: Signed as a part of the Terms.
