This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
wiki:policies:third_party [2023/09/29 02:22] kholub |
wiki:policies:third_party [2024/06/24 18:11] (current) kholub |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Third-Party Services Policy ====== | + | ====== Third-Party Services |
===== I. Purpose ===== | ===== I. Purpose ===== | ||
Line 29: | Line 29: | ||
Subprocessors handle user data processing tasks on behalf of the software application. | Subprocessors handle user data processing tasks on behalf of the software application. | ||
- | ^Name (Manufacturer)^ \\ Data Processing Agreement^Critical to application? | + | ^Name (Manufacturer)^ \\ Data Processing Agreement^Critical to application? |
- | |Airplane.dev|Signed, available upon request \\ \\ [[https://airplane.dev|https://airplane.dev]]| \\ No|Internal customer support applications|User emails and billing data| | + | |Abstra|Signed, available upon request \\ \\ [[https://www.abstra.io/|https://www.abstra.io/]]|No|Internal customer support applications|User emails and billing data|Brazil| |
- | |Auth0|[[https:// | + | |Auth0|[[https:// |
- | |HubSpot|[[https:// | + | |HubSpot|[[https:// |
- | |Metabase|[[https:// | + | |Metabase|[[https:// |
- | |OpenAI|Signed, | + | |OpenAI|Signed, |
- | |Scite|[[https:// | + | |Scite|[[https:// |
- | |Stripe|[[https:// | + | |Stripe|[[https:// |
==== List of Infrastructure Providers ==== | ==== List of Infrastructure Providers ==== | ||
Line 42: | Line 42: | ||
Infrastructure Providers house the physical hardware used to run the application. These providers do not process user data, although they contain it. | Infrastructure Providers house the physical hardware used to run the application. These providers do not process user data, although they contain it. | ||
- | ^Name (Manufacturer)^Data Processing Agreement^Purpose| | + | ^Name (Manufacturer)^Data Processing Agreement^Purpose^Data Processed| |
- | |AWS (Amazon)|[[https:// | + | |AWS (Amazon)|[[https:// |
- | |GCP (Alphabet)|[[https:// | + | |GCP (Alphabet)|[[https:// |
==== List of third-party providers ==== | ==== List of third-party providers ==== | ||
Line 67: | Line 67: | ||
We will document roles. responsibilities, | We will document roles. responsibilities, | ||
+ | |||
+ | Upon client request, disclosure of all contracts with third party service providers where such third party service providers are involved in the client' | ||
==== Compliance and Updates ==== | ==== Compliance and Updates ==== | ||
Line 74: | Line 76: | ||
==== Communicating Updates ==== | ==== Communicating Updates ==== | ||
- | When new third party vendors | + | When new third party sub-processors |
+ | |||
+ | ==== Termination of Services ==== | ||
+ | |||
+ | When Nested Knowledge terminates a contract with a sub-processor, | ||
+ | |||
+ | ===== V. Third-Party Provider Data Breaches ===== | ||
+ | |||
+ | ^Timestamp^Event^Description^Reporting^Status| | ||
+ | | \\ 07-13-2023 - \\ \\ 07-28-2023|Detection of vulnerabilities|Vulnerabilities with the H2 database.|[[https:// | ||
+ | | \\ 03-20-2023 1:00AM PT - \\ \\ 03-20-2023 10:00 AM PT|Leakage of other users' personal data|Other active users name, email address, credit card number, and credit card expiration date were visible to active Open AI users managing their subscriptions.|[[https:// | ||
+ | |03-18-2023|Compromised employee account|Affected 30 accounts in the Cryptocurrent industry.|[[https:// | ||
===== Revision History ===== | ===== Revision History ===== | ||
Line 81: | Line 94: | ||
|K. Kallmes|1/ | |K. Kallmes|1/ | ||
|K. Cowie|1/ | |K. Cowie|1/ | ||
- | |K. Holub|9/28/2023|Monitoring updates| | + | |K. Holub|6/24/2024|Updating subprocessors (remove Airplane.dev)| |
[[: | [[: | ||