Integrations

Document Summary

Data Subprocessors

Download PDF
Our approach to security and privacyOur approach to security and privacy
Back to Trust Center

Last updated: 27 November 2023

What is a sub-processor?

‘Customer data’ is personal data processed by Secure Code Warrior (acting as a processor) on behalf of the customer (acting as a controller) to provide our products and/or services.

A ‘sub-processor’ is a third-party (such as a contractor, service provider or vendor) further engaged by Secure Code Warrior to help us process customer data for the same purpose. We engage different types of sub-processors to perform various functions as explained in the table below.

Where we act as an independent controller

Where Secure Code Warrior acts as an independent controller, we process personal data on our own behalf and for our own business purposes (‘SCW data’) in compliance with applicable data protection law.  For example, when we process user personal data in connection with feedback or feature requests, or when a user consents to our use of analytics cookies. 

Third-parties engaged to process SCW data are not sub-processors, but we follow the same review process outlined below before engaging these service providers.

For more information about our data and privacy protective practices, please refer to our privacy policy.

Our vendor review process

Due diligence

We undertake to use a commercially reasonable selection process to evaluate the security, privacy and confidentiality practices of proposed sub-processors before they process customer data.

Contractual safeguards

We require sub-processors to satisfy obligations equivalent to those contained in our own customer agreements, including provisions to:

  • Process customer data in accordance with documented instructions
  • Provide regular security and data protection training to personnel who have access to customer data
  • Implement and maintain appropriate technical and organisational measures 
  • Provide evidence of compliance with its security and data protection obligations (either in the form of annual certification or audits)
  • Promptly inform us of any actual or potential security incidents and/or personal data breaches
  • Cooperate with us in order to deal with requests from customers, data subjects or data protection authorities

International data transfers

Third-countries with an adequate level of data protection

We may freely transfer personal data to sub-processors and third-countries recognised under applicable data protection law as providing an adequate level of data protection (including registered participants in the U.S. Data Privacy Framework (DPF)).

Restricted transfers

Where information is transferred to a sub-processor or third country not recognised as providing an adequate or equivalent level of data protection (‘restricted transfer’), we ensure adequate transfer mechanisms and appropriate safeguards are in place to protect personal data (such as standard contractual clauses and ISO aligned technical and organisational measures).

Looking for more information about international transfers?

Please refer to our dedicated webpage regarding international transfers of personal data

Customer notification

We will update this page whenever we engage new sub-processors. Where we have an obligation to inform customers of updates to our sub-processor list in writing, we will also email our regular business contact and, where reasonable, the customer’s publicly disclosed privacy contact. 

Unless otherwise agreed, the customer may object to the appointment of a new sub-processor within thirty (30) days of the update by emailing privacy@securecodearrior.com, along with the legitimate reason(s) for the objection.

Customer sub-processors

Sub-processor and hosting location Purpose Customer data processed Privacy policy and contact details
Secure Code Warrior group entities
Australia, EU/EEA, United Kingdom and United States
Product support, maintenance and delivery See our privacy policy for more information about our processing activities. https://www.securecodewarrior.com/trust/privacy-policy
privacy@securecodewarrior.com
Amazon Web Services (AWS)
Germany or United States*
Cloud storage host for our website, platform and infrastructure, and email notification service provider Personal data collected by AWS
Email address
Name (first and last)
Device information (browser type, device identifier and IP address)
Location information (country/region and IP geo-location)
https://aws.amazon.com/privacy/

Amazon Web Services, Inc.
Attn: AWS Legal410 Terry Avenue North
Seattle
WA 98109-5210, USA

Amazon Web Services EMEA SARL
38 Avenue John F. Kennedy L-1855Luxembourg
aws-EU-privacy@amazon.com
Datadog
United States
Application log management, monitoring and alerting Email address
User ID
Device information (browser type, device identifier and IP address)
Location information (country/region and IP geo-location)
https://www.datadoghq.com/legal/privacy/

Datadog, Inc.
620 8th Avenue
Floor 45
New York
NY 10018, USA
privacy@datadoghq.com
EverAfter
EU/EEA, Israel and United States
Customer onboarding and ongoing success Email address
Name (first and last)
Device information (browser type, device identifier and IP address)
https://www.everafter.ai/legal/privacy

EverAfter AI Ltd.
Yigal Alon 82
Tel Aviv
Israel 6789124
MongoDB
Germany or United States*
Cloud database storage and management Email address
User ID
Device information (browser type, device identifier and IP address)
Location information (country/region and IP geo-location)
https://www.datadoghq.com/legal/privacy/

Datadog, Inc.
620 8th Avenue
Floor 45
New York
NY 10018, USA
privacy@datadoghq.com
Productboard
EU/EEA, United Kingdom and United States
Customer support and product improvement Email address
Name (first and last)
Device information (browser type, device identifier and IP address)
https://www.productboard.com/privacy-policy

Attn: Privacy Officer
Productboard, Inc.
333 Bush Street, 20th floor
San Francisco, CA 94104, USA
privacy@productboard.com
Salesforce
Australia, EU/EEA, United Kingdom and United States
Customer platform usage Insights, metrics and visualisations Email address
Name (first and last)
Professional information (employer, team name, role, job title)
Assessment information (challenge stats/results)
https://www.salesforce.com/privacy/overview/

415 Mission Street, 3rd Floor
San Francisco, CA 94105, USA
privacy@salesforce.com
Usersnap
Germany or Ireland
Customer bug reports Email address
Device information (browser type, device identifier and IP address)
https://usersnap.com/privacy-policy

Energiestrasse 1
A-4020 Linz
Austria
contact@usersnap.com
Zendesk
United States
Customer support Email address
Name (first and last)
Device information (browser type, device identifier and IP address)
https://www.zendesk.co.uk/company/agreements-and-terms/privacy-notice

Attn: Privacy Team
989 Market Street
San Francisco, CA 94103, USA
privacy@zendesk.com
*depending on customer location and agreement


Looking for something else?

Our approach to security and privacy

Visit our Trust Center to learn more about the security and privacy practices that safeguard our information assets, and those of our customers, against misuse, abuse or compromise.

Trust Center