Sub-processors
We use certain sub-processors and content delivery networks to assist with the services provided to our customers.
What Is a Sub-processor?
A sub-processor is a third-party data processor engaged by the company, who has or potentially will have access to or process Customer Data (which may contain personal data). We engage with different types of sub-processors to perform various functions as explained in the tables below.
Due Diligence
We apply a commercially reasonable selection process by which it evaluates the security, privacy, and confidentiality practices of proposed sub-processors that will or may have access to or process Customer Data.
Contractual Safeguards
We require our sub-processors to satisfy equivalent obligations as those required from us (as a Data Processor) as set forth in our Terms of Service, including but not limited to the requirements to:
- process personal data in accordance with data controller’s (i.e. Customer’s) documented instructions (as communicated in writing to the relevant sub-processor by us);
- in connection with their sub-processing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, pursuant to applicable data protection laws;
- provide regular training in security and data protection to personnel to whom they grant access to personal data;
- implement and maintain appropriate technical and organisational measures (including measures consistent with those to which we are contractually committed to adhere insofar as they are equally relevant to the sub-processor’s processing of personal data on our behalf)
- promptly inform us about any actual or potential security breaches; and cooperate with us in order to facilitate requests from data controllers, data subjects, or data protection authorities, as applicable.
This notice does not give Customers any additional rights or remedies and should not be construed as a binding agreement. The information herein is to provide the actual list of third-party sub-processors and content delivery networks used by us as of the date of this notice (which we may use in the delivery and support of its Services).
Infrastructure Sub-processors – Customer Data Storage
The following table describes the countries and legal entities engaged in the storage of Customer Data by us.
| Entity Name | Entity Type | Entity Country | Legal Safeguard |
|---|---|---|---|
| Google Workspace Service Provider | United States | Data Processing Agreement with Standard Contractual Clauses |
Service Specific Sub-processors
We work with certain third parties to provide specific functionality within its services. These providers are the sub-processors set forth below. In order to provide the relevant functionality these sub-processors access Customer Data. Their use is limited to the indicated Services.
| Entity Name | Purpose | Applicable Services | Entity Country | Legal Safeguard |
|---|---|---|---|---|
| Tawk.to | Delivers automated Chat support | Customer Support | United States | Data Processing Agreement with Standard Contractual Clauses |
| Thinkific Inc. | Learning Management System | LMS | United States | Data Processing Agreement with Standard Contractual Clauses |
| Zoom Inc. | Virtual conferencing and virtual events | Marketing | United States | Data Processing Agreement with Standard Contractual Clauses |
| LeadSquared |
■ Lead scoring utilizing customer attribute data
■ Call scheduling and lead routing ■ Provides lead qualification, personalized experience, and emails for Thinkific customers. ■ Stores customer contact information, subscription status, and other customer related information |
Sales and Marketing | India | Data Processing Agreement with Standard Contractual Clauses |
| Simplybook.me | Call scheduling with customers | Customer Success and, Support | United States | Data Processing Agreement with Standard Contractual Clauses |
| Cloudflare Inc. | DNS, SSL Termination and Web Application Firewall | Website | United States | Data Processing Agreement with Standard Contractual Clauses |
| Communication, collaboration, analytics and insights | Marketing, Sales, Platform Partnerships, Support and, Customer Success | United States | Data Processing Agreement with Standard Contractual Clauses | |
| Stripe | Credit Card billing processor for customer subscriptions and customer sales | Education & Subscription Services | Ireland | Data Processing Agreement with Standard Contractual Clauses |
| Razorpay | Credit Card billing processor for customer subscriptions and customer sales | Education & Subscription Services | India | Data Processing Agreement with Standard Contractual Clauses |
| Vimeo | Video hosting platform | Education & Subscription Service | United States | Data Processing Agreement with Standard Contractual Clauses |
| Zapier | Workflow Automation tool | Thinkific Marketing | United States | Data Processing Agreement with Standard Contractual Clauses |
| Mighty Networks | Digital Community Portal | Alumni Network | United States | Data Processing Agreement with Standard Contractual Clauses |
Content Delivery Networks
As explained above, our services may use content delivery networks (“CDNs”) to provide the Services, for security purposes, and to optimize content delivery. CDNs do not have access to Customer Data, but are commonly used systems of distributed services that deliver content based on the geographic location of the individual accessing the content and the origin of the content provider. Website content served to website visitors and domain name information may be stored with a CDN to expedite transmission, and information transmitted across a CDN may be accessed by that CDN to enable its functions. The following describes the use of CDNs by Thinkific’s Services.
| CDN Provider | Services Using CDN | CDN Location | Description of CDN Services | Legal Safeguard |
|---|---|---|---|---|
| Cloudflare, Inc. | Thinkific Service | Global | Public website content served to website visitors may be stored with Cloudflare, Inc., and transmitted by Cloudflare, Inc., to website visitors, to expedite transmission. | Data Processing Addendum with Standard Contractual Clauses. |
As of April 15th, 2023