"Five years ago, data teams were siloed and focused on helping users find and query more data. But today, data consumers exist across organizations and are going much further transforming data, collaborating with cross-company teams, and creating new data products, models, and pipelines at a rapid pace. This new era of democratized data use is driving unprecedented adoption of cloud platforms and data exchanges, but the future has to be secure and compliant."
Matthew Carroll, CEO at 51蹤獲Key Security Features
51蹤獲s platform security controls, processes, and procedures are designed to meet business objectives while containing risk. Commitments relative to security controls are documented and communicated in agreements with clients and third-party service providers. Operational requirements supporting security controls are communicated in the Companys policies and procedures, system design documentation, and contracts with clients and third-party service providers. Those security controls include, but are not limited to:
- Formalized policies and procedures
- System logging and monitoring
- Vulnerability and Patch management
- Antivirus/antimalware software
- Identity and access (logical and physical) management
- Multi Factor authentication
- Secured remote access
- Firewall and network security group management
- Backup management
- Incident management and response, including contracted third-party industry response experts
Compliance and Regulations
51蹤獲 SaaS Services & the GDPR
Under the GDPR, 51蹤獲 acts as both a data processor and a data controller.
51蹤獲 Data Processing Agreement
51蹤獲 as a Data Processor
When licensees use 51蹤獲 SaaS services to manage access to licensee personal data, 51蹤獲 acts as a data processor. Licensees may act as data controllers or data processors, and 51蹤獲 acts as a data processor or sub-processor. 51蹤獲 contractual terms incorporate 51蹤獲s commitments as a data processor. Our security controls are described below and our list of sub-processors is available here.
51蹤獲 as a Data Controller
When 51蹤獲 processes personal data and determines the purposes and means of processing that personal data, it acts as a data controller. As a data controller in relation to 51蹤獲 SaaS services, 51蹤獲 usually processes account information for account registration, administration, billing, and fraud prevention, as well as usage data for service optimization, service improvement, and fraud prevention.
For more information about how 51蹤獲 processes personal data as a data controller, see 51蹤獲 Privacy Notice.
List of Subprocessors
Last Modified: February 20, 2024
51蹤獲, Inc. (51蹤獲) uses certain Subprocessors (as listed below) to assist it in providing the SaaS Services as described in the written agreement you have with 51蹤獲 (Agreement). You will be notified by email when we add new Subprocessors.
What is a Subprocessor?
A Subprocessor is a third party utilized by 51蹤獲 to deliver its SaaS Services as a data processor. 51蹤獲 engages different types of Subprocessors to perform the various services explained below.
Process to Engage New Subprocessors
Prior to the addition or change of any Subprocessors described in this policy, 51蹤獲 shall provide notice to Licensee through emails no less than thirty (30) days prior to the date on which the Subprocessor shall commence processing personal data. Licensee can object in writing to the processing of its personal data by a new Subprocessor within ten (10) days after the reception of the email and shall describe its legitimate reasons to object. If Licensee does not object during such time period, the new Subprocessor(s) shall be deemed accepted.
During the Objection Period, objections (if any) to 51蹤獲s appointment of the new Subprocessor must be provided to 51蹤獲 in writing and based on reasonable grounds relating to data protection. In such an event, the Parties will discuss those objections in good faith with a view to achieving resolution. If it can be reasonably demonstrated to 51蹤獲 that the new Subprocessor is unable to process Licensee personal data in compliance with agreed terms and 51蹤獲 cannot provide an alternative Subprocessor, or the Parties are not otherwise able to achieve resolution as provided in the preceding sentence, Licensee, as its sole and exclusive remedy, may provide written notice to 51蹤獲 terminating the offering with respect only to those aspects of the Services which cannot be provided by 51蹤獲 without the use of the new Subprocessor.
The following is an up-to-date list (as of the date mentioned below) of the names and locations of 51蹤獲s Subprocessors (including members of the 51蹤獲 Group and third parties):
Third Party Subprocessors
51蹤獲 utilizes AWS cloud service provider to host 51蹤獲 SaaS services. Licensee metadata, such as data dictionaries, policy-related data, user data, and audit logs will thus live in an AWS environment, in the 51蹤獲 geographical region selected by Licensee, which could be 51蹤獲 APJ, Europe or US.
| Entity Name | Purpose | Location of Processing |
|---|---|---|
| Amazon Web Services, Inc. | Host 51蹤獲s SaaS services in the region elected by customers. | In region |
| Elasticsearch Inc. | Manage audit service in the region elected by customers. | In region |
| Datadog Inc. | Manage security logs. | US |
| Temporal Technologies, Inc. | Execute background workloads. | In region |
| Megaport Inc. | Transmit packets between cloud providers. | In region |
| Google LLC | Communicate with customers. | US |
| Zoom Video Communications, Inc. | Communicate with customers. | US |
| Slack Technologies LLC | Communicate with customers. | US |
| Salesforce, Inc. | Manage customer support platform through Salesforce Service Cloud. | US |
51蹤獲 Group Subprocessors
51蹤獲 works with a few third parties to support specific services within its overall SaaS offering. These providers are Subprocessors, as they may have access to personal data related to Licensees authorized users.
| Entity Name | Purpose | Location of Processing |
|---|---|---|
| 51蹤獲 Ltd | Perform customer support tasks. | UK |
| 51蹤獲 Pty Ltd | Perform customer support tasks. | Australia |
51蹤獲 SaaS Services & the GDPR
Infrastructure Security
51蹤獲 is cloud-native, including all our supporting cloud computing infrastructure and our software solution (Software-as-a-Service).
Our cloud computing infrastructure is provided by Amazon Web Services (AWS). This infrastructure is built and managed not only according to security best practices and standards, but also with the unique needs of the cloud in mind. AWS uses redundant and layered controls, continuous validation and testing, and a substantial amount of automation to ensure that the underlying infrastructure is monitored and protected 247.
Every 24 hours we make a backup which we keep for 7 days. In case of an incident, we can restore this backup immediately.
Physical Security
We rely on AWS for the physical security of our supporting cloud computing infrastructure. We also take physical security measures for our own offices (such as badge access and video surveillance).
Product Security
We have a clearly defined process for creating high quality software, ensuring that our software is well tested and ready for production use before we roll out our software.
We take security measures to protect our software solution from cyber attacks and to detect fraudulent or malicious activities. Our software is monitored and protected by an industry-leading continuous process of cloud security improvement and adaptation which includes active defenses against known and unknown attacks. In addition, we also have periodic security measures carried out by a qualified external party (such as penetration testing).
We also take many other security measures to ensure that your data is safe (such as encrypting your data both at rest and in transit, restricting access based on roles and attributes, applying the need-to-know principle, requiring strong passwords and multi-factor authentication, monitoring logs, etc.).
Data Security
We always process your data in accordance with the applicable legislation, both in terms of security and data protection. Every other party we work with also complies with the applicable legislation through the agreements we conclude with them.
We do not keep your data longer than necessary. We will hold your data for as long as you request our services. In case of termination, we will delete your data 90 days after the termination. In the case of a trial period, we will retain your data for 90 days after the trial period ends, unless you request that we delete your data sooner.
Our software solution is set up in the same region as your infrastructure and thus does not cross regional lines.
We only access your data on request or with your permission.
Attestation & Certification
We can demonstrate that we have appropriate controls in place to mitigate security, availability, confidentiality, processing integrity, or privacy risks.
Our security measures are audited annually by an independent and external party. If you need more information or if you would like to receive a copy of our SOC2 or SOC3 report, please contact us: [email protected]