Nested Knowledge

Bringing Systematic Review to Life

User Tools

Site Tools

Trace:
wiki:policies:third_party

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
wiki:policies:third_party [2023/10/23 21:16]
kevinkallmes [Third-Party Services and Subprocesors Policy] 		wiki:policies:third_party [2024/03/05 14:48] (current)
katcow
Line 29: Line 29:
 Subprocessors handle user data processing tasks on behalf of the software application. Subprocessors handle user data processing tasks on behalf of the software application.
  
-^Name (Manufacturer)^ \\ Data Processing Agreement^Critical to application?^Purpose^Data Processed| +^Name (Manufacturer)^ \\ Data Processing Agreement^Critical to application?^Purpose^Data Processed^Country
-|Airplane.dev|Signed, available upon request \\  \\ [[https://airplane.dev|https://airplane.dev]]| \\ No|Internal customer support applications|User emails and billing data| +|Airplane.dev|Signed, available upon request \\  \\ [[https://airplane.dev|https://airplane.dev]]| \\ No|Internal customer support applications|User emails and billing data|CA, United States| 
-|Auth0|[[https://cdn.auth0.com/website/legal/files/dpa/data-processing-addendum-8-20.pdf?_ga=2.258302026.118688053.1602587623-55110928.1602587623|Auth0 DPA]]|Yes|authentication of users accounts for the NK application.| \\ User email and password or social login account identifiers and Login history| +|Abstra|Signed, available upon request \\  \\ [[https://www.abstra.io/|https://www.abstra.io/]]|No|Internal customer support applications|User emails and billing data|Brazil
-|HubSpot|[[https://legal.hubspot.com/dpa|https://legal.hubspot.com/dpa]]|No|Send release and marketing emails to users|Full name and email addresses of users. \\ Users can have their personal or organizational data deleted at any time. All user data is deleted from HubSpot if an account is deleted.| +|Auth0|[[https://cdn.auth0.com/website/legal/files/dpa/data-processing-addendum-8-20.pdf?_ga=2.258302026.118688053.1602587623-55110928.1602587623|Auth0 DPA]]|Yes|authentication of users accounts for the NK application.| \\ User email and password or social login account identifiers and Login history|United States
-|Metabase|[[https://www.metabase.com/license/hosting|https://www.metabase.com/license/hosting]]|No|User analytics|User accounts & activity| +|HubSpot|[[https://legal.hubspot.com/dpa|https://legal.hubspot.com/dpa]]|No|Send release and marketing emails to users|Full name and email addresses of users. \\ Users can have their personal or organizational data deleted at any time. All user data is deleted from HubSpot if an account is deleted.|MA, United States
-|OpenAI|Signed, available upon request|No|Screening model features|Record abstracts| +|Metabase|[[https://www.metabase.com/license/hosting|https://www.metabase.com/license/hosting]]|No|User analytics|User accounts & activity|United States
-|Scite|[[https://scite.ai/policy|https://scite.ai/policy]]|No|Screening model features, record display badge|Record DOIs| +|OpenAI|Signed, available upon request|No|Screening model features|Record abstracts|United States
-|Stripe|[[https://stripe.com/legal/dpa|https://stripe.com/legal/dpa]]|No|Payment services|User email, location, subscription, and payment details|+|Scite|[[https://scite.ai/policy|https://scite.ai/policy]]|No|Screening model features, record display badge|Record DOIs|United States
 +|Stripe|[[https://stripe.com/legal/dpa|https://stripe.com/legal/dpa]]|No|Payment services|User email, location, subscription, and payment details|United States|
  
 ==== List of Infrastructure Providers ==== ==== List of Infrastructure Providers ====
Line 69: Line 70:
  
 Upon client request, disclosure of all contracts with third party service providers where such third party service providers are involved in the client's deliverables shall be made. Upon client request, disclosure of all contracts with third party service providers where such third party service providers are involved in the client's deliverables shall be made.
 +
 ==== Compliance and Updates ==== ==== Compliance and Updates ====
  
Line 75: Line 77:
 ==== Communicating Updates ==== ==== Communicating Updates ====
  
-When new third party subprocessors are to be added, data supplied to vendors is to change, or the vendor's processing agreement are to change, all affected users will be notified via email with at least 7 days notice.+When new third party sub-processors are to be added, data supplied to vendors is to change, or the vendor's processing agreement are to change, all affected users will be notified via email with at least 7 days notice
 + 
 +==== Termination of Services ==== 
 + 
 +When Nested Knowledge terminates a contract with a sub-processor, within 60 days we will request deletion of all personal data. Nested Knowledge will review the data deletion/backup retention policies of our sub-processor and inquire about practices if it is not sufficently documented.
  
 ===== V. Third-Party Provider Data Breaches ===== ===== V. Third-Party Provider Data Breaches =====
  
 ^Timestamp^Event^Description^Reporting^Status| ^Timestamp^Event^Description^Reporting^Status|
-| \\ 07-13-2023 - \\  \\ 07-28-2023 \\ |Detection of vulnerabilities|Vulnerabilities with the H2 database. |[[https://www.metabase.com/blog/security-incident-summary|Metabase Post-Mortem]]|No impact on Nested Knowledge data as Nested Knowledge is a Metabase's Cloud customer. | +| \\ 07-13-2023 - \\  \\ 07-28-2023|Detection of vulnerabilities|Vulnerabilities with the H2 database.|[[https://www.metabase.com/blog/security-incident-summary|Metabase Post-Mortem]]|No impact on Nested Knowledge data as Nested Knowledge is a Metabase's Cloud customer.| 
-| \\ 03-20-2023 1:00AM PT - \\  \\ 03-20-2023 10:00 AM PT \\ |Leakage of other users' personal data |Other active users name, email address, credit card number, and credit card expiration date were visible to active Open AI users managing their subscriptions. |[[https://openai.com/blog/march-20-chatgpt-outage|Open AI Statement]]|No impact on Nested Knowledge data.| +| \\ 03-20-2023 1:00AM PT - \\  \\ 03-20-2023 10:00 AM PT|Leakage of other users' personal data|Other active users name, email address, credit card number, and credit card expiration date were visible to active Open AI users managing their subscriptions.|[[https://openai.com/blog/march-20-chatgpt-outage|Open AI Statement]]|No impact on Nested Knowledge data.| 
-|03-18-2023|Compromised employee account|Affected 30 accounts in the Cryptocurrent industry. |[[https://ir.hubspot.com/news/hubspots-statement-regarding-march-18-2022-security-incident|Hubspot statement]]|No impact on Nested Knowledge data.|+|03-18-2023|Compromised employee account|Affected 30 accounts in the Cryptocurrent industry.|[[https://ir.hubspot.com/news/hubspots-statement-regarding-march-18-2022-security-incident|Hubspot statement]]|No impact on Nested Knowledge data.|
  
 ===== Revision History ===== ===== Revision History =====
wiki/policies/third_party.1698095812.txt.gz · Last modified: 2023/10/23 21:16 by kevinkallmes

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki