Subprocessors

Last Revised: June 27, 2024

Introduction

Instabase, Inc. and its subsidiaries (“Instabase”) use Subprocessors in providing its Platform products and services (“Instabase Service” or “Services”).

What is a Subprocessor

A Subprocessor is a third-party data processor, utilized by Instabase while providing Services to its customers. In some cases, a Subprocessor is an Instabase subsidiary that receives or processes Customer Data. Instabase may engage one or more Subprocessors from the lists below, based on Customer location and Services provided.

Process to Engage New Subprocessors

As an Instabase customer, you may subscribe to receive notifications of new Subprocessor(s) for each applicable Instabase Service. Instabase shall provide at least 30 days (email) notice to its customers, before a new Subprocessor begins processing Customer Data. Pursuant to the applicable agreement with a customer, a customer may have the right to object to the processing of its Personal Data by a new Subprocessor. Please refer to the DPA for additional details.

You can subscribe to receive email notifications for changes to Instabase Subprocessors by emailing the following information to compliance@instabase.com:

  • Customer Name
  • Customer Address
  • Executed copy of the Customer-Instabase Data Processing Addendum

To edit your email notification information, please re-submit a request to compliance@instabase.com, with the subject title “Change in Contact Information”.

Infrastructure Subprocessors

Entity NamePurposeEntity CountrySecurity and Compliance Validations
Amazon Web Services, Inc.Cloud Service ProviderUnited States, European Union, and United KingdomISO 9001, ISO 27001, ISO 27017, ISO 27018, SOC 1/ISAE 3402, SOC 2, SOC 3, FISMA, DIACAP, and FedRAMP, PCI DSS Level 1

Additional Details:https://docs.aws.amazon.com/whitepapers/latest/aws-overview/security-and-compliance.html
Google LLCCloud Service ProviderUnited States, European Union, and United KingdomCloud Computing Compliance Controls Catalog (C5) | CSA | GSMA SAS-SM | Higher Education Cloud Vendor Assessment Tool (HECVAT) | ISO 9001:2015 | ISO 22301:2019 & BS EN ISO 22301:2019 | ISO 50001:2018 | ISO/IEC 27001 | ISO/IEC 27017 | ISO/IEC 27018 | ISO/IEC 27701 | PCI 3DS Core Security Standard | PCI DSS | SOC 1 | SOC 2 | SOC 3 | VPAT (WCAG, U.S. Section 508, EN 301 549)

Additional Details:https://cloud.google.com/security/compliance
Microsoft CorporationCloud Service ProviderUnited States, European Union, and United KingdomISO 20000, ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 27701, ISO 9001, SOC 1, SOC 2 Type 2, SOC 3

Additional Details:https://learn.microsoft.com/en-us/azure/compliance/

Support-specific Subprocessors

Entity NamePurposeEntity CountrySecurity and Compliance Validations
ZendeskInstabase utilizes Zendesk to provide support ticketingUnited StatesISO 27001:2013, ISO 27018:2014, ISO 27701:2019, FedRAMP LI-SaaS, SOC2 Type 2

Additional Details: https://www.zendesk.com/trust-center/#anchor-compliance
SendSafelyInstabase utilizes SendSafely as a secure data exchange platform United StatesAdditional Details: https://www.sendsafely.com/security/

Cognitive Services Subprocessors

Entity NamePurposeEntity CountrySecurity and Compliance Validations
OpenAICognitive ServicesUnited StatesSOC 2 Type 2

Additional Details: https://openai.com/policies/api-data-usage-policies
MicrosoftCognitive ServicesUnited States, European UnionISO 20000, ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 27701, ISO 9001, SOC 1, SOC 2 Type 2, SOC 3

Additional Details:https://learn.microsoft.com/en-us/azure/compliance/
Google LLCCognitive ServicesUnited StatesCloud Computing Compliance Controls Catalog (C5) | CSA | GSMA SAS-SM | Higher Education Cloud Vendor Assessment Tool (HECVAT) | ISO 9001:2015 | ISO 22301:2019 & BS EN ISO 22301:2019 | ISO 50001:2018 | ISO/IEC 27001 | ISO/IEC 27017 | ISO/IEC 27018 | ISO/IEC 27701 | PCI 3DS Core Security Standard | PCI DSS | SOC 1 | SOC 2 | SOC 3 | VPAT (WCAG, U.S. Section 508, EN 301 549)

Additional Details:https://cloud.google.com/security/compliance

Instabase Affiliates

Entity NameEntity Country
Instabase Technologies Canada, IncCanada
Instabase Technologies Germany GmbHGermany
Instabase India Private LimitedIndia
Instabase Singapore PTE, LTDSingapore
Instabase UK LimitedUnited Kingdom