Sub-processors and Subcontractors

CafeX Communications, Inc. (“CafeX”) uses certain sub-processors, subcontractors and content delivery networks to assist it in providing the CafeX Services as described in the Terms of Service (“TOS”). Defined terms used herein shall have the same meaning as defined in the TOS.

What is a Sub-processor?

A sub-processor is a third-party data processor engaged by CafeX, who has or potentially will have access to or process Service Data (which may contain Personal Data). CafeX engages different types of sub-processors to perform various functions as explained in the tables below. CafeX refers to third parties that do not have access to or process Service Data but who are otherwise used to provide the Services as “subcontractors” and not sub-processors.

Due Diligence

CafeX undertakes to use a commercially reasonable selection process by which it evaluates the security, privacy and confidentiality practices of proposed sub-processors that will or may have access to or process Service Data.

Contractual Safeguards

CafeX execute an agreement with our SubProcessors, including but not limited to the requirements to:

  • Restrict the Subprocessors’ access to Customer Data only to what is necessary to assist CafeX in providing or maintaining the Services, and prohibit the Subprocessor from accessing Customer Data for any other purpose
  • In connection with their sub-processing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, pursuant to applicable data protection laws
  • Make clear that CafeX will remain responsible for its compliance with the obligations of any applicable agreements between us and Customer and for any acts or omissions of the Subprocessor that cause Duo to breach any of its obligations under those agreements
  • Implement and maintain appropriate technical and organizational measures (including measures consistent with those to which CafeX is contractually committed to adhere to insofar as they are equally relevant to the sub-processor’s processing of Personal Data on CafeX’s behalf) and provide an annual certification that evidences compliance with this obligation. In the absence of such certification CafeX reserves the right to audit the sub-processor
  • Promptly inform CafeX about any actual or potential security breach and cooperate with CafeX in order to deal with requests from data controllers, data subjects or data protection authorities, as applicable

The information herein is a list of third-party sub-processors, subcontractors and content delivery networks used by CafeX as of the date of this policy (which CafeX may use in the delivery and support of its Services).

Infrastructure Sub-processors – Service Data Storage and Processing

CafeX owns or controls access to the infrastructure that CafeX uses to host and process Service Data submitted to the Services, other than as set forth herein. Currently, the CafeX production systems used for hosting Service Data for the Services are located in co-location facilities in the United States, APAC and Europe and in the infrastructure sub-processors listed below.

Entity Name Purpose Entity Country
Amazon Web Services, Inc. Cloud Service Provider, and network services. North America
OVH Inc. Cloud Service Provider for optional meeting/conference services. United States
Google Inc. Email and collaboration Services. United States
Twilio, Inc. Telephony services. United States
Sendgrid, Inc. Transactional email. United States
ActiveCampaign CRM, Email Campaign and nurture emails. United States
Box File sharing and previewing in Meetings. United States
Freshworks Support and Knowledge-base. United States
Workato Process workflows. United States
Pendo.io Product introduction and UI tour. United States
     

Subcontractors

As explained above, CafeX also uses certain “subcontractors” to assist in the operations necessary to provide the CafeX Services as described in the Terms of Service. The following is a list (as of the date of this policy) of the names and locations of material third-party subcontractors. Subcontractors do not have access to Service Data.

Entity Name Entity Type Location
Parity Software testing           India

     

Last Updated – Neil Ellis – 2022-03-07