BitSight Technologies, Inc. Subprocessors
BitSight Technologies, Inc. (“Bitsight”) uses certain subprocessors (including Bitsight affiliates and third parties, as listed below) to process Personal Data to support Bitsight's provision of the Bitsight services. Prior to engaging any third party subprocessor, Bitsight performs diligence to evaluate their privacy, security, and confidentiality practices. For more information, see below.
Bitsight Group Subprocessors
| Name | Country |
|---|---|
| NSEC Sistemas Informaticos S.A. | Portugal |
| ThirdPartyTrust LLC | United States |
| BitSight Technologies UK Limited | United Kingdom |
| BitSight Technologies France SAS | France |
| BitSight Technologies Singapore Pte. Ltd. | Singapore |
| BitSight Technologies Argentina SA | Argentina |
Infrastructure and Service-Specific Subprocessors
The following table describes the legal entities engaged by Bitsight in the storage of a customer’s confidential information. Bitsight may also use additional services provided by these subprocessors to process a customer’s confidential information as needed to provide the Services.
| Name | Purpose | Hosting Location |
|---|---|---|
| Amazon.com Inc. (AWS) aws.amazon.com |
Hosts the Bitsight services, including all data. |
United States Ireland (Dependent on Vendor Risk Management customer hosting selection.) |
| Google LLC google.com |
Corporate email service (including for communicating with customers and storing documents). Services (e.g. Vertex) used to support generative artificial intelligence functionality within the Bitsight services. |
United States |
| Okta Inc. okta.com |
Authentication platform for customers with single sign-on. | United States |
| MixMax Inc. mixmax.com |
Email platform for "Enable Vendor Access" notifications. | United States |
| Proofpoint Inc. proofpoint.com |
Email security and quarantine services for inbound/outbound emails. | United States |
| Sendgrid Inc. sendgrid.com |
Platform for email services used for product-related alerts. |
United States |
| MailChimp Inc. mailchimp.com |
Platform for email services used for product-related alerts. |
United States |
| Forethought Technologies Inc. forethought.ai |
Platform to assist Bitsight in responding to customer support requests, including identifying escalation needs. | United States |
| Zendesk Inc. zendesk.com |
Platform to assist Bitsight in providing support to its customers. | United States |
Sales and Marketing Support
Bitsight may use the following subprocessors to support the sales and marketing of Bitsight's products.
| Name | How Service Uses Personal Data | Hosting Location |
|---|---|---|
| salesforce.com inc. salesforce.com |
SaaS platform for customer relationship management (including to store customer and prospect data and to provide marketing, billing, and other services). |
United States |
| Cybersel S.R.L cybersel.eu |
Customers who purchase Bitsight products and services through Cybersel only may also receive support services from Cybersel. | Italy |
| Docusign Inc. docusign.com |
Bitsight uses Docusign to process electronic signatures on customer contract documents. | United States |
| Gainsight Inc. gainsight.com/ |
GainsSight integrates with Salesforce to assess engagement of accounts and support sales and marketing. | United States |
| Mindtickle Inc. mindtickle.com/ |
Sales relationship and support management platform, access to which may be offered by Bitsight to give prospective and current customers more visibility into the sales workflow. | United States |
| Slack Technologies Inc. slack.com |
BitSight uses Slack for internal communication, as well as sales and marketing support. | United States |
Analytics Support
Bitsight may use the following subprocessors for internal analytics of Bitsight’s services.
| Name | Purpose | Hosting Location |
|---|---|---|
| Datadog Inc. datadoghq.com |
Application performance monitoring. | United States |
| Pendo.io Inc. pendo.io |
A third-party analytics provider that assists Bitsight in capturing information about how users interact with the Service. Bitsight uses this information to analyze and improve the Services. | United States |
| Snowflake Inc. snowflake.com |
Supports efficient provision and trend analysis of the Services and day-to-day business operations. | United States |
Due Diligence
Bitsight undertakes to use a commercially reasonable selection process by which it evaluates the security, privacy and confidentiality practices of proposed subprocessors.
Contractual Safeguards
Bitsight generally requires its subprocessors to adhere to obligations including but not limited to the requirements to:
- Process personal data in accordance with data controller’s documented instructions;
- In connection with their subprocessing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, pursuant to applicable data protection laws;
- Provide regular training in security and data protection to personnel to whom they grant access to personal data;
- Implement and maintain appropriate technical and organizational measures including measures consistent with those to which Bitsight is contractually committed to adhering to to the extent they are relevant to the subprocessor’s processing of personal data on Bitsight’s behalf; and
- Promptly inform Bitsight about any actual or potential security breach; and
- Cooperate with Bitsight in order to deal with requests from data controllers, data subjects or data protection authorities, as applicable.
This policy does not give customers any additional rights or remedies and should not be construed as a binding agreement. The information herein is only provided to illustrate Bitsight’s engagement process for subprocessors as well as to provide the actual list of third party subprocessors as of the date of this policy.