Contents x
    List of Sub-Processors
    • 10 Jul 2023
    • 5 Minutes to read
    • Contributors
    • Print
    • Dark
      Light
    • PDF
    Contents

    List of Sub-Processors

    • Updated on 10 Jul 2023
    • 5 Minutes to read
    • Contributors
    • Print
    • Dark
      Light
    • PDF
    Article summary

    Sub-Processor definition

    In support of our Data Protection Agreement we maintain a list of "Sub-Processors" - defined as other Data Processors contracted by Cirrus to process "Personal Data" to support servicing you as a Customer (Data Controller).

    • If a partner contracted by Cirrus does NOT process "Personal Data", better known as "Personal Identifiable Information" or PII, they are NOT a Data Processor under the GDPR and therefore not a Sub-Processor under our Data Protection Agreement.
    • If a Partner is contracted directly by the Customer, they are NOT (a Sub-Processor) in scope of the Cirrus Data Protection Agreement.
    Complete list of partners including compliance info

    For completeness sake we have also listed those partners and marked them "(Out-of-Scope)".
    To optimally facilitate you we strive to provide up-to-date direct links to our partners Compliance information ("Compliance Info").

    For some Sub-Processors Cirrus merely links to another website without sending any (user)data, these are marked "IP address only". Note that an IP address must be considered as PII, see EU - What is personal data?.

    List of Platform URLs

    For the list of URLs used by the Cirrus Platform we kindly refer you to our Cirrus Platform URLs article in our developers portal

    Cirrus End-Users

    In this section we list Sub-Processors processing data for our end-users; users of the Cirrus Platform.

    Core Sub-Processors

    Sub-Processors that are core to the Cirrus Platform.

    Sub-ProcessorPurposeCountry/LocationCompliance InfoStatus PageRemarks
    Amazon AWSFacilitate Assessment Process - Hosting Customer DataEU: Ireland/Dublin (and Stockholm/Sweden), AU: Australia/Sydney, CA: Montreal/Canada, SG: Singapore/SingaporeAWS Compliance, Useful links: AWS ISO/IEC 27001, AWS ISO/IEC 27017, AWS ISO/IEC 27018, AWS SOC, AWS GDPR DPAAWS HealthThe most important sub processor as it hosts the Cirrus Platform including its Customer Data. NOTE: For your convenience we have added useful links to the AWS pages containing their ISO certificates (e.g. "AWS ISO/IEC 27001:2013 Certification"), SOC 3 report ("AWS SOC 3 Security, Availability & Confidentiality Report") and AWS GDPR DPA (Data Processing Agreement). EU Stockholm is a backup location for EU Premium.

    Optional Sub-Processors

    Customers (Data-Controllers), in particular Customer' System Adminstrators in Cirrus may enable optional Sub-Processors.

    Sub-ProcessorPurposeCountry/LocationCompliance InfoStatus PageRemarks
    Document360Facilitate Assessment Management - Provides Help Widget - Help Centre / Knowledge BaseGlobal, incl. India, see Azure global infrastructure plus Global CDNs (Stackpath (OpenJSF), JSDeliver, Google Fonts, CloudFlare (FontAwesome) locations)Document360 GDPR plus CDNs (OpenJSF, JSDeliver, Google Fonts, FontAwesome privacy policies)status.document360.comIP Address only - NOTE: Author/admin can activate this by clicking (?) or seeking help
    ImgIXFacilitate Assessment Process - Process imagesAWS Region, USAPrivacy Policystatus.imgix.comIP Address only. NOTE: Author can upload images that need to be resized. All (image) data is stored in the AWS Region of the Cirrus Platform, see Amazon AWS above.
    webspellchecker.netFacilitate Assessment Process - Provide Spell-checking service alternative for Browser build-inUS (Virginia)webspellchecker Compliance.status.webspellchecker.comNOTE: Author can enable this spell-checking for Essay questions.

    Add-On Sub-Processors

    Customers (Data-Controllers) may subscribe to use additional "Add-On" Sub-Processors.

    Sub-ProcessorPurposeCountry/LocationCompliance InfoStatus PageRemarks
    ProctorioFacilitate Exams - Remote proctoringUS: US, EU: EU, see Proctorio Privacy and AWS global infrastructure / Azure global infrastructureProctorio Compliance / Release Notesuptime.proctorio.comIf and only if contracted through Cirrus is Proctorio a Sub-Processor.

    Sub-Contractors (Out-of-Scope)

    If a Sub-Contractor does NOT process "Personal Data", better known as Personal Identifiable Information or PII, they are by definition not a "Data Processor" under the GDPR and not a Sub-Processor under our Data Privacy Agreement.

    Sub-ContractorPurposeCountry/LocationCompliance InfoStatus PageRemarks
    SowisoFacilitate Exams and Marking - Process Math answersNetherlandsInformation Security Policy / Privacy Policy / Release Notes?No PII. (No IP address in Server-to-Server)

    Customer Sub-Contractors (Out-of-Scope)

    If a Partner is contracted directly by the Customer they are not in scope of the Cirrus Data Protection Agreement.

    PartnersPurposeCountry/LocationCompliance InfoStatus PageRemarks
    EcobitFacilitate Marking - Scanning printed answers (Print & Scan)NetherlandsEcobit DPACandidate name and signature
    ProctorioFacilitate Exams - Remote proctoringUS: US, EU: EU, see Proctorio Privacy and AWS global infrastructure / Azure global infrastructureProctorio Compliance / Release Notesuptime.proctorio.comIf contracted directly by Customer.
    ProctorUFacilitate Exams - Remote proctoringProctorU C omplianceContracted directly by Customer.
    ReadspeakerFacilitate Exams - Reading Cirrus/Exam texts out loudNetherlandsPrivacy Policy / Release Notes?IP address only
    TurnItInFacilitate Marking - Plagarism DetectionUS, EU, APACTurnItIn Privacy and SecurityTurnItIn StatusContracted directly by Customer

    Cirrus Service Management

    For completeness we also include our Cirrus Service Management tooling used by Cirrus to collaborate with Customer's Super Users and other contacts.

    Service Management Sub-Processors

    Sub-ProcessorPurposeCountry/LocationCompliance InfoStatus PageRemarks
    AirtableFacilitate Service Management - Store Service informationVirginia, US (AWS)Airtable Security Airtable PrivacyEmail and names of service contacts.
    AtlassianFacilitate Service Management - Notify subscribers of Status Page updatesIreland/Dublin, Germany/Frankfurt, USA/N. CaliforniaAtlassian Compliance, Atlassian GDPRmetastatuspage.comOnly email of email notification subscribers.
    AtlassianFacilitate Service Management - Customer Portal, report and track requestsIreland/Dublin, Germany/Frankfurt, USA/N. CaliforniaAtlassian Compliance, Atlassian GDPRjira-service-management.status.atlassian.comEmail and optionally name of request participants.
    Document360See Document360 under Optional Sub-ProcessorsProvides Help Centre / Knowledge Base (and Help Widget)See Document360See Document360 under Optional Sub-ProcessorsSee Document360 under Optional Sub-Processors
    Google WorkspaceFacilitate Service Management and Project Collaboration - Provide Mail, Document and VideoconferencingGlobal, see Google data center locationsGoogle Cloud Compliance EUWorkspace Dashboard
    MailchimpFacilitate Service Management - Mail Service and Product update informationUSMailchimp GDPR & ComplianceOnly for recipients; Email and consent, optionally first name of newsletter recipients.
    PipedriveFacilitate Service Management - Store Service and Product update informationUS and EU, see Rackspace Data CentresPipedrive Privacy & SecurityEmail and consent, optionally name of newsletter recipients.
    SlackFacilitate Service Management and Project Collaboration - Provide Instant MessagingUnited States, Australia, Canada, France, Germany, India, Japan, South Korea, United Kingdom, See Slack SubprocessorsSlack Compliancestatus.slack.comOptional.
    WeFactInvoicingEUWeFact VeiligheidInvoice contact name and email
    Was this article helpful?
    What's Next