Search
Close this search box.

Sub-processors

We use certain sub-processors and content delivery networks to assist with the services provided to our customers.

What Is a Sub-processor?

A sub-processor is a third-party data processor engaged by the company, who has or potentially will have access to or process Customer Data (which may contain personal data). We engage with different types of sub-processors to perform various functions as explained in the tables below.

Due Diligence

We apply a commercially reasonable selection process by which it evaluates the security, privacy, and confidentiality practices of proposed sub-processors that will or may have access to or process Customer Data.

Contractual Safeguards

We require our sub-processors to satisfy equivalent obligations as those required from us (as a Data Processor) as set forth in our Terms of Service, including but not limited to the requirements to:

  • process personal data in accordance with data controller’s (i.e. Customer’s) documented instructions (as communicated in writing to the relevant sub-processor by us);
  • in connection with their sub-processing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, pursuant to applicable data protection laws;
  • provide regular training in security and data protection to personnel to whom they grant access to personal data;
  • implement and maintain appropriate technical and organisational measures (including measures consistent with those to which we are contractually committed to adhere insofar as they are equally relevant to the sub-processor’s processing of personal data on our behalf)
  • promptly inform us about any actual or potential security breaches; and cooperate with us in order to facilitate requests from data controllers, data subjects, or data protection authorities, as applicable.

This notice does not give Customers any additional rights or remedies and should not be construed as a binding agreement. The information herein is to provide the actual list of third-party sub-processors and content delivery networks used by us as of the date of this notice (which we may use in the delivery and support of its Services).

Infrastructure Sub-processors – Customer Data Storage

The following table describes the countries and legal entities engaged in the storage of Customer Data by us.

Entity Name Entity Type Entity Country Legal Safeguard
Google Google Workspace Service Provider United States Data Processing Agreement with Standard Contractual Clauses

Service Specific Sub-processors

We work with certain third parties to provide specific functionality within its services. These providers are the sub-processors set forth below. In order to provide the relevant functionality these sub-processors access Customer Data. Their use is limited to the indicated Services.

Entity Name Purpose Applicable Services Entity Country Legal Safeguard
Tawk.to Delivers automated Chat support Customer Support United States Data Processing Agreement with Standard Contractual Clauses
Thinkific Inc. Learning Management System LMS United States Data Processing Agreement with Standard Contractual Clauses
Zoom Inc. Virtual conferencing and virtual events Marketing United States Data Processing Agreement with Standard Contractual Clauses
LeadSquared ■ Lead scoring utilizing customer attribute data
■ Call scheduling and lead routing
■ Provides lead qualification, personalized experience, and emails for Thinkific customers.
■ Stores customer contact information, subscription status, and other customer related information
Sales and Marketing India Data Processing Agreement with Standard Contractual Clauses
Simplybook.me Call scheduling with customers Customer Success and, Support United States Data Processing Agreement with Standard Contractual Clauses
Cloudflare Inc. DNS, SSL Termination and Web Application Firewall Website United States Data Processing Agreement with Standard Contractual Clauses
Google Communication, collaboration, analytics and insights Marketing, Sales, Platform Partnerships, Support and, Customer Success United States Data Processing Agreement with Standard Contractual Clauses
Stripe Credit Card billing processor for customer subscriptions and customer sales Education & Subscription Services Ireland Data Processing Agreement with Standard Contractual Clauses
Razorpay Credit Card billing processor for customer subscriptions and customer sales Education & Subscription Services India Data Processing Agreement with Standard Contractual Clauses
Vimeo Video hosting platform Education & Subscription Service United States Data Processing Agreement with Standard Contractual Clauses
Zapier Workflow Automation tool Thinkific Marketing United States Data Processing Agreement with Standard Contractual Clauses
Mighty Networks Digital Community Portal Alumni Network United States Data Processing Agreement with Standard Contractual Clauses

Content Delivery Networks

As explained above, our services may use content delivery networks (“CDNs”) to provide the Services, for security purposes, and to optimize content delivery. CDNs do not have access to Customer Data, but are commonly used systems of distributed services that deliver content based on the geographic location of the individual accessing the content and the origin of the content provider. Website content served to website visitors and domain name information may be stored with a CDN to expedite transmission, and information transmitted across a CDN may be accessed by that CDN to enable its functions. The following describes the use of CDNs by Thinkific’s Services.

CDN Provider Services Using CDN CDN Location Description of CDN Services Legal Safeguard
Cloudflare, Inc. Thinkific Service Global Public website content served to website visitors may be stored with Cloudflare, Inc., and transmitted by Cloudflare, Inc., to website visitors, to expedite transmission. Data Processing Addendum with Standard Contractual Clauses.

As of April 15th, 2023