Introduction
Instabase, Inc. and its subsidiaries (“Instabase”) use Subprocessors in providing its Platform products and services (“Instabase Service” or “Services”).
What is a Subprocessor
A Subprocessor is a third-party data processor, utilized by Instabase while providing Services to its customers. In some cases, a Subprocessor is an Instabase subsidiary that receives or processes Customer Data. Instabase may engage one or more Subprocessors from the lists below, based on Customer location and Services provided.
Process to Engage New Subprocessors
As an Instabase customer, you may subscribe to receive notifications of new Subprocessor(s) for each applicable Instabase Service. Instabase shall provide at least 30 days (email) notice to its customers, before a new Subprocessor begins processing Customer Data. Pursuant to the applicable agreement with a customer, a customer may have the right to object to the processing of its Personal Data by a new Subprocessor. Please refer to the DPA for additional details.
You can subscribe to receive email notifications for changes to Instabase Subprocessors by emailing the following information to compliance@instabase.com:
- Customer Name
- Customer Address
- Executed copy of the Customer-Instabase Data Processing Addendum
To edit your email notification information, please re-submit a request to compliance@instabase.com, with the subject title “Change in Contact Information”.
Infrastructure Subprocessors
| Entity Name | Purpose | Entity Country | Security and Compliance Validations |
| Amazon Web Services, Inc. | Cloud Service Provider | United States, European Union, and United Kingdom | ISO 9001, ISO 27001, ISO 27017, ISO 27018, SOC 1/ISAE 3402, SOC 2, SOC 3, FISMA, DIACAP, and FedRAMP, PCI DSS Level 1 Additional Details:https://docs.aws.amazon.com/whitepapers/latest/aws-overview/security-and-compliance.html |
| Google LLC | Cloud Service Provider | United States, European Union, and United Kingdom | Cloud Computing Compliance Controls Catalog (C5) | CSA | GSMA SAS-SM | Higher Education Cloud Vendor Assessment Tool (HECVAT) | ISO 9001:2015 | ISO 22301:2019 & BS EN ISO 22301:2019 | ISO 50001:2018 | ISO/IEC 27001 | ISO/IEC 27017 | ISO/IEC 27018 | ISO/IEC 27701 | PCI 3DS Core Security Standard | PCI DSS | SOC 1 | SOC 2 | SOC 3 | VPAT (WCAG, U.S. Section 508, EN 301 549) Additional Details:https://cloud.google.com/security/compliance |
| Microsoft Corporation | Cloud Service Provider | United States, European Union, and United Kingdom | ISO 20000, ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 27701, ISO 9001, SOC 1, SOC 2 Type 2, SOC 3 Additional Details:https://learn.microsoft.com/en-us/azure/compliance/ |
Support-specific Subprocessors
| Entity Name | Purpose | Entity Country | Security and Compliance Validations |
| Zendesk | Instabase utilizes Zendesk to provide support ticketing | United States | ISO 27001:2013, ISO 27018:2014, ISO 27701:2019, FedRAMP LI-SaaS, SOC2 Type 2 Additional Details: https://www.zendesk.com/trust-center/#anchor-compliance |
| SendSafely | Instabase utilizes SendSafely as a secure data exchange platform | United States | Additional Details: https://www.sendsafely.com/security/ |
Cognitive Services Subprocessors
| Entity Name | Purpose | Entity Country | Security and Compliance Validations |
| OpenAI | Cognitive Services | United States, Europe | SOC 2 Type 2 Additional Details: https://openai.com/policies/api-data-usage-policies |
| Microsoft | Cognitive Services | United States, European Union | ISO 20000, ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 27701, ISO 9001, SOC 1, SOC 2 Type 2, SOC 3 Additional Details:https://learn.microsoft.com/en-us/azure/compliance/ |
| Google LLC | Cognitive Services | United States | Cloud Computing Compliance Controls Catalog (C5) | CSA | GSMA SAS-SM | Higher Education Cloud Vendor Assessment Tool (HECVAT) | ISO 9001:2015 | ISO 22301:2019 & BS EN ISO 22301:2019 | ISO 50001:2018 | ISO/IEC 27001 | ISO/IEC 27017 | ISO/IEC 27018 | ISO/IEC 27701 | PCI 3DS Core Security Standard | PCI DSS | SOC 1 | SOC 2 | SOC 3 | VPAT (WCAG, U.S. Section 508, EN 301 549) Additional Details:https://cloud.google.com/security/compliance |
Instabase Affiliates
| Entity Name | Entity Country |
| Instabase Technologies Canada, Inc | Canada |
| Instabase Technologies Germany GmbH | Germany |
| Instabase India Private Limited | India |
| Instabase Singapore PTE, LTD | Singapore |
| Instabase UK Limited | United Kingdom |