To help us deliver Timetastic we share information and data with some external processors and 3rd party apps. We list those processors here and outline the agreements in place:
For clarity - we assess all processors to ensure our continued compliance with our obligations to Users, Clients, and data processing regulations such as GDPR.
We update this list prior to the commencement of any new sub processor and publish updates on our changelog. To receive email updates of any changes click the 'subscribe' button at the top of the changelog.
Peaberry Software Inc (Customer.io)
We use Customer.io for sending emails. To do this Customer.io stores user names, email addresses and analytical data on their usage of Timetastic. We use that data to ensure we only send emails relevant to the individual.
To ensure compliance with the law on EU/ USA data transfers, our agreement with Customer.io is based on the Standard Contractual Clauses laid down by the EU, and a Data processing Agreement compliant with GDPR.
Our customer support system and emails are provided by Zendesk. Customers email addresses will appear in Zendesk along with all discussion between the customer and ourselves.
Zendesk store their Data in USA Data Centres and have certified with EU-US Privacy Shield https://help.zendesk.com/hc/en-us/articles/229138227-Zendesk-Certifies-to-Privacy-Shield
We also have a Data Processing Agreement in place with Zendesk including the approved Standard Contractual Clauses.
All the transactional emails from Timetastic are sent out through Sendgrid Inc. That means sharing email addresses and email content.
Our relationship is governed by their standard Terms of Service and a Data Processing Addendum in line with GDPR requirements.
We primarily use Slack for internal electronic communications. It’s entirely possible that at times these discussions will be about clients and particular situations they need assistance with, and in that regard data will be shared.
We also have Standard Contractual Clauses in place with Slack, via their data processing addendum.
Our relationship is governed by their Terms of Service and a GDPR compliant Data Processing Addendum.
We process debit and credit card payments using Stripe Payments Europe Limited. a worldwide payments provider. The main capture is through their European subsidiary based in Ireland, but some of the data is passed to Stripe Inc. the parent company in the USA. For this transfer to be lawful they employ the European Commission’s Standard Contractual Clauses (“Model Clauses”) to allow for the lawful transfer of such data under the EU Data Directive.
Cloudflare provides content distribution, security and DNS services for web traffic transmitted to and from Timetastic. It allows us to efficiently manage web traffic and help secure the application from malicious activity. The primary information Cloudflare has access to is information in and associated with the Timetastic website URL that the user is interacting with (which includes End-User IP address). All information (which will include service data) contained in web traffic transmitted to and from Timetastic is transmitted through Cloudflare’s systems, but Cloudflare does not have access to this information.