Knowledge-Driven Support

Go from disconnected inboxes and one-size-fits-all tickets to knowledge-driven workflows for every type of conversation — internal and external

Custom Apps & Extensibility

Go from rigid, one-size-fits-all templates to a platform where you build any type of app — for any audience, any use case, any content structure

Overview

Master Subscription Agreement

Cookie Policy

In Product Cookie Policy

AI Supplementary Terms

Data Processing Addendum

Sub-Processors Policy

Professional Services Terms and Conditions

User Content and Conduct Policy

Service Level Agreement (SLA)

Sub-Processors Policy

ServiceTarget uses certain Sub-processors and content delivery networks to help provide the ServiceTarget Services under the Master Subscription Agreement (MSA). Defined terms have the same meaning as in the MSA.

What is a Sub-processor

A Sub-processor is a third-party data processor engaged by ServiceTarget that receives Service Data (potentially containing Personal Data) from ServiceTarget for Processing on behalf of Subscribers per their instructions (as communicated by ServiceTarget) and subcontract terms. ServiceTarget engages various Sub-processors to perform different functions explained in the tables below.

Due Diligence

ServiceTarget undertakes commercially reasonable selection evaluating proposed Sub-processors' security, privacy, and confidentiality practices.

Contractual Safeguards

ServiceTarget generally requires Sub-processors satisfy obligations equivalent to those required of ServiceTarget as a Data Processor in the Data Processing Agreement (DPA), including:

Process Personal Data per data controller's (Subscriber's) documented instructions (as communicated to Sub-processor);
Use only reliable personnel contractually committed to data privacy/security per law in sub-processing;
Provide regular security/data protection training to personnel granted data access;
Implement/maintain appropriate technical/organizational measures (including measures consistent with ServiceTarget's DPA commitments relevant to Sub-processor's Processing); provide annual certification of compliance or be subject to ServiceTarget audit;
Promptly inform ServiceTarget of any actual/potential security breach;
Cooperate with ServiceTarget to address data controller/subject/authority requests.

Sub-processors with incidental Service Data access for specific Innovation Service features/components outside core hosting ("Innovation Service Specific Sub-processors") are regularly reviewed by ServiceTarget to work towards implementing the standards here. However, they may not currently meet all identified measures.

This policy does not provide Subscribers additional rights/remedies and is not a binding agreement. It illustrates ServiceTarget's Sub-processor engagement and provides the list of third-party Sub-processors and content delivery networks used by ServiceTarget as of the policy date for Service delivery/support.

List of Current Sub-processors

Below is the current list (as of policy date) of ServiceTarget Sub-processors and content delivery network names, types, and locations:

Infrastructure Sub-processors – Service Data Storage and Processing

Processor owns or controls access to the infrastructure used to host and Process Personal Data submitted to the Services, except as stated herein. Currently, Processor's production systems for hosting Personal Data are located in the infrastructure of the Sub-processor listed below. Subscriber accounts are typically established in one of these regions based on Subscriber's location, but may be shifted to ensure performance and availability. The table below describes the legal entity engaged by Processor for storing Personal Data. Processor also utilizes additional services from this Sub-processor as needed to Process Personal Data and provide the Services.

Entity Information

Entity Name	Purpose and Data Processed	Applicable Services	Data Hosting Location
Amazon Web Services	Cloud Service Provider	Cloud Hosting Services	United States

‍

Service Specific Sub-processors

Processor works with certain third parties to provide specific functionality within the Services. These providers are Sub-processors as listed below. To enable relevant functionality, these Sub-processors access and Process Personal Data, limited to the specified Services.

Entity Information

Entity Name	Purpose and Data Processed	Applicable Services	Data Hosting Location
AWS CloudFront	AWS CloudFront is a CDN providing content delivery, DDoS protection, SSL/TLS support, caching, and global reach. Cloudfront processes a limited amount of Personal Data such as User and End-User IP addresses, browser and operating system related information for logging, security, and abuse prevention purposes.	CDN Services	United States
Amazon SES	Amazon Simple Email Service (Amazon SES) as a subprocessor to handle sending outgoing emails from ServiceTarget to Users and End Users. Amazon SES processes user email addresses and message content for the purposes of delivering notifications and other transactional emails.	Email notification services	United States
AWS Cognito	Amazon Cognito handles user authentication and access management. Cognito processes user credentials like usernames, passwords, and other profile data to provide secure sign-on and identity services.	Authentication and access	United States
AWS Cloudwatch	AWS CloudWatch is used to monitor and analyze performance metrics of our SaaS platform infrastructure hosted on Amazon Web Services (AWS). CloudWatch processes a limited amount of Personal Data (specifically User and End-User IP addresses, browser and operating system related information) for issue logging and monitoring purposes.	Application logging	United States
OpenAI	OpenAI, L.L.C. ("OpenAI") provides AI/ML powered product features. OpenAI processes Service Data when Users and End-Users interact with conversational Users and AI features.	AI features	United States
MixPanel	MixPanel, Inc. (“MixPanel”) is a third-party analytics provider. ServiceTarget uses MixPanel to track how Users interact with the Service. MixPanel processes Service Data such as URLs, time spent on pages, items clicked (including data in those items), and User email addresses when Users interact with administration console. ServiceTarget uses this analytics information from MixPanel to analyze and improve its service offerings.	Product Usage Monitoring	United States
Pendo	Pendo.io, Inc. (“Pendo”) is a third-party analytics provider. ServiceTarget uses Pendo to track how Users interact with the Service. Pendo processes Service Data such as URLs, time spent on pages, items clicked (including data in those items), and User email addresses when Users interact with administration console. ServiceTarget uses this analytics information from Pendo to analyze and improve its service offerings.	Product Usage Monitoring	United States
AWS Translate	AWS Translate supports the translation functionality that is available to Users within Workspace. If the translation functionality is used by Subscriber, AWS Translate will Process all Service Data that is translated within Subscribers Workspace.	Translation Functionality within Workspace	No hosting of Service Data
Stripe, Inc.	Stripe, Inc. (“Stripe”) as a subprocessor that handles payment processing and transaction details. Stripe processes and secures the payment information in compliance with PCI and GDPR standards. As a subprocessor, Stripe has access to certain payment details needed to facilitate transactions like credit card numbers, billing information, and User email address.	Billing and Payment	United States