Document Summary

Data Subprocessors

Download PDF
Our approach to security and privacyOur approach to security and privacy
Back to Trust Center

Sub-processors of customer data

What is a sub-processor?

‘Customer data’ is personal data processed by Secure Code Warrior (acting as a processor) on behalf of the customer (acting as a controller) to provide our products and/or services.

A ‘sub-processor’ is a third-party further engaged by Secure Code Warrior to help us process customer data for the same purpose. We engage different types of sub-processors to perform various functions as explained in the table below.

Where we act as an independent controller

Where Secure Code Warrior acts as an independent controller, we process personal data on our own behalf and for our own business purposes (‘SCW data’) in compliance with applicable data protection law.

Third-parties engaged to process SCW data are not sub-processors, but we follow the same review process outlined below before engaging these vendors.

For more information about our privacy-protective practices, please refer to our privacy policy (see Section 3.4 for information about the categories of third party vendors who receive SCW data)

Our sub-processor review process

Due diligence

We undertake to use a commercially reasonable selection process to evaluate the security, privacy and confidentiality practices of proposed sub-processors before they process customer data.

Contractual safeguards

We require sub-processors to satisfy equivalent obligations as those required by Secure Code Warrior in our own customer agreements, including provisions to:

  • Process customer data in accordance with documented instructions
  • Provide regular security and data protection training to personnel who have access to customer data
  • Implement and maintain appropriate technical and organisational measures 
  • Provide evidence of compliance with its security and data protection obligations (either in the form of annual certification or audits)
  • Promptly inform us of any actual or potential security incidents and/or personal data breaches
  • Cooperate with us in order to deal with requests from customers, data subjects or data protection authorities

Where information is transferred to a third country not recognised as providing an adequate or equivalent level of protection by applicable data protection law (‘restricted transfer’), we also ensure the appropriate transfer mechanisms (such as standard contractual clauses) are in place.

Customer notification

We will update this page whenever we engage new sub-processors.

Where we have an obligation to inform customers of updates to our sub-processor list in writing, we will notify our regular business contact and (where reasonably practicable) the customer’s publicly disclosed privacy contact by email. Unless otherwise agreed, the customer may object to the  appointment of a new sub-processor (along with the legitimate reason(s) for the objection) within thirty (30) days following notification.

Our sub-processors:

Sub-processor and hosting location Purpose Customer data processed Privacy policy and contact details
Secure Code Warrior group entities
Australia, EU/EEA, United Kingdom and United States
Product support, maintenance and delivery See our privacy policy for more information about our processing activities.
Amazon Web Services (AWS)
Germany or United States*
Cloud storage, infrastructure hosting and customer email communication Personal data collected by AWS
Email address
Name (first and last)
Device information (browser type, device identifier and IP address)
Location information (country/region and IP geo-location)

Amazon Web Services, Inc.
Attn: AWS Legal410 Terry Avenue North
WA 98109-5210, USA

Amazon Web Services EMEA SARL
38 Avenue John F. Kennedy L-1855Luxembourg
United States
Application log management, monitoring and alerting Email address
User ID
Device information (browser type, device identifier and IP address)
Location information (country/region and IP geo-location)

Datadog, Inc.
620 8th Avenue
Floor 45
New York
NY 10018, USA
Germany or United States*
Cloud database storage and management Email address
Name (first and last)
Device information (browser type, device identifier and IP address)
Professional information (employer, team name, role, job title)
Location information (country/region and IP geo-location)
Assessment information (challenge stats/results)
Preferred language

Attn: Legal Department
MongoDB, Inc.
1633 Broadway
38th Floor
New York
NY 10019, USA
Germany or Ireland
Customer feedback and feature requests Email address
Device information (browser type, device identifier and IP address)

Energiestrasse 1
A-4020 Linz
United States
Customer support Email address
Device information (browser type, device identifier and IP address)

Attn: Privacy Team
989 Market Street
San Francisco,
CA 94103, USA
*depending on customer location and agreement

Looking for something else?

Our approach to security and privacy

Visit our Trust Center to learn more about the security and privacy practices that safeguard our information assets, and those of our customers, against misuse, abuse or compromise.

Trust Center