CustomerOS uses the third party entities below (each, a “subprocessor”) to process personal data on behalf of CustomerOS customers and in accordance with contract terms between CustomerOS and the subprocessor to uphold CustomerOS’s commitments in CustomerOS’s Data Processing Addendum.
CustomerOS carries out annual compliance reviews of its subprocessors, and where the engagement of a subprocessor requires the cross-border transfer of personal data, CustomerOS conducts Transfer Impact Assessments in accordance with applicable data protection law for these data transfers. CustomerOS imposes obligations on its subprocessors to implement appropriate technical and organizational measures ensuring that the sub-processing of personal data is protected to the standards required by applicable data protection laws.
Further information relating to subprocessor security measures can be found via the external links below. For each subprocessor below, processing of personal data will be for the duration of use of the applicable service(s) by the customer, and for the retention periods as set out in the customer’s agreement with CustomerOS and any product documentation.
If you use CustomerOS, you will be notified when we add new data subprocessors.
| Sub-processor | Nature and Purpose of Processing | Categories of personal data | Location of Processing | Security and Supplemental Measures |
|---|---|---|---|---|
| Amazon Web Services, Inc. | Cloud hosting provider | Personal data contained in user account information and text or files created by customer and stored in CustomerOS | Ireland | https://d1.awsstatic.com/legal/aws-dpa/aws-dpa.pdf |
| Cloudflare, Ltd. | Content delivery network provider | Personal data contained in user account information and text or files created by customer and stored in CustomerOS | Customer traffic is processed globally at the data center closest to the end user. | https://www.cloudflare.com/en-gb/cloudflare-customer-dpa/ |
| Event Store Ltd | Cloud database provider | Personal data contained in user account information and text or files created by customer and stored in CustomerOS | Ireland | https://www.eventstore.com/data-processing-addendum |
| Google Inc. | Cloud hosting provider & Email support | Personal data contained in user account information and text or files created by customer and stored in CustomerOS | Ireland | https://cloud.google.com/terms/data-processing-addendum |
| Integration App Inc. | Cloud data transfer platform | Personal data contained in user account information and text or files created by customer and stored in CustomerOS | Germany, USA | https://integration.app/privacy-policy |
| Intercom, Inc. | Cloud support platform | Personal data contained in user account information and text or files created by customer and stored in CustomerOS | USA | https://www.intercom.com/legal/data-processing-agreement |
| Noti-Fire Apps Ltd. | Cloud notification service | Personal data contained in user account information and text or files created by customer and stored in CustomerOS | Germany | https://novu.co/dpa/ |
| Postmark | Cloud email service | Personal data contained in user account information and text or files created by customer and stored in CustomerOS | USA | https://postmarkapp.com/eu-privacy#dpa |
| Railway Corp. | Cloud hosting provider | Personal data contained in user account information and text or files created by customer and stored in CustomerOS | USA | https://railway.app/legal/privacy |
| Smarty, LLC. | Cloud address verification | Personal data contained in user account information and text or files created by customer and stored in CustomerOS | USA | https://www.smarty.com/legal/privacy-policy |