Select Page

Translate this page

Sub-processors

Effective starting: 27 May, 2022

Program owner and administrator specific sub-processors

Sub-processor services we use to engage and support your organisation. Entrants/applicants, nominators and judges/reviewers do not make use of these services.

Sub-processor Business location Data processing location(s) Description of services provided
Chameleon
http://trychameleon.com
United States United States In-app product tours.
Processes email addresses.
Uses Standard Contractual Clauses.
Technical security measures: https://www.trychameleon.com/security
Deepnote
https://deepnote.com
California, United States United States Data pipeline management.
May process personal data.
Uses Standard Contractual Clauses.
Technical security measures: https://deepnote.com/security
Elevio
https://elev.io
Collingwood, Victoria, Australia United States In-app support panel.
Processes email addresses.
Uses Standard Contractual Clauses.
Hubspot
https://www.hubspot.com
Ireland United States Software products for inbound marketing, sales, and customer service.
Processes personal data.
Uses Standard Contractual Clauses.
Technical security measures: https://www.hubspot.com/security
Intercom
https://www.intercom.com
San Francisco, California, US United States (Virginia) Chat and support management within our software product.
Processes personal data.
Uses Standard Contractual Clauses.
Technical security measures: https://www.intercom.com/security
Klaus
https://klausapp.com
Estonia Germany (Frankfurt) Support team conversation review and QA platform.
Processes personal data.
Data is not processed outside of the EU.
Technical security measures: https://www.klausapp.com/security
Sequin
https://www.sequin.io
Los Angeles, California, US United States Data pipeline management.
Processes personal data.
Uses Standard Contractual Clauses.
Technical security measures: https://www.sequin.io/legal/security
Zendesk
https://www.zendesk.com
San Francisco, California, US Australia (Sydney) Client support management.
Processes personal data.
Uses Standard Contractual Clauses.
Technical security measures: https://www.zendesk.com/product/zendesk-security

All user sub-processors

Sub-processor services we use to engage and support your organisation, your program and your participants. All roles including program owners, administrators, entrants, applicants, nominators, judges and reviewers make use of these services.

Subprocessor Business location Data processing location(s) Description of services provided
Amazon Web Services
https://aws.amazon.com
Seattle, Washington, US Australia (Sydney)
Canada (Montreal)
Europe (Ireland and Germany)
United States (California)
Cloud hosting infrastructure for whole AF application stack.
Processes personal data.
Uses Standard Contractual Clauses.
Technical security measures:
https://aws.amazon.com/blogs/security/aws-and-eu-data-transfers-strengthened-commitments-to-protect-customer-data
https://aws.amazon.com/security
Google Cloud
https://cloud.google.com
Dublin, Ireland Australia
Canada
Europe
United States
Cloud infrastructure for data backup redundancy.
Processes personal data.
Uses Standard Contractual Clauses.
Technical security measures:
https://cloud.google.com/security
Imgix
https://www.imgix.com
San Francisco, California, US United States (rendering)
Various edge nodes (caching)
Image processing service.
May process personal data captured in uploaded images and PDFs.
Uses Standard Contractual Clauses.
MailGun
https://www.mailgun.com
San Francisco, California, US Germany (Frankfurt) Email sending service.
Processes personal data used in the delivery and communication of email messages.
Uses Standard Contractual Clauses.
New Relic
https://newrelic.com
San Francisco, California, US United States Application monitoring.
May process personal data.
Uses Standard Contractual Clauses.
Technical security measures:
https://drive.google.com/file/d/1pMixjKW1G-AuR8hcNwD8YsbOKlQbPq2F/view
Pusher
https://pusher.com
London, United Kingdom United States (North Virginia) Push service.
Background processes use Pusher to send notifications on progress and file scanning.
May process IP addresses and cookies.
Uses Standard Contractual Clauses. Is GDPR and HIPAA compliant.
Stitch
https://www.stitchdata.com
United States United States ETL data pipeline.
Processes personal data.
Uses Standard Contractual Clauses.
Technical security measures:
https://www.stitchdata.com/platform/security
URL2PNG
https://www.url2png.com
East Derry, New Hampshire, US United States Capture screenshots from URLs.
May process personal data visible on publicly accessible websites.
Uses Standard Contractual Clauses.
Vonage
https://www.vonage.com
San Francisco, California, US Singapore SMS sending service.
May process personal data used in the delivery of SMS messages.
Uses Standard Contractual Clauses.
Technical security measures:
https://www.vonage.com/communications-apis/platform/security
https://www.vonage.com/legal/technical-organizational-security-practices