List of Sub-Processors
  • 10 Jul 2023
  • 5 Minutes to read
  • Contributors
  • Dark
    Light
  • PDF

List of Sub-Processors

  • Dark
    Light
  • PDF

Article summary

Sub-Processor definition

In support of our Data Protection Agreement we maintain a list of "Sub-Processors" - defined as other Data Processors contracted by Cirrus to process "Personal Data" to support servicing you as a Customer (Data Controller).

  • If a partner contracted by Cirrus does NOT process "Personal Data", better known as "Personal Identifiable Information" or PII, they are NOT a Data Processor under the GDPR and therefore not a Sub-Processor under our Data Protection Agreement.
  • If a Partner is contracted directly by the Customer, they are NOT (a Sub-Processor) in scope of the Cirrus Data Protection Agreement.
Complete list of partners including compliance info

For completeness sake we have also listed those partners and marked them "(Out-of-Scope)".
To optimally facilitate you we strive to provide up-to-date direct links to our partners Compliance information ("Compliance Info").

For some Sub-Processors Cirrus merely links to another website without sending any (user)data, these are marked "IP address only". Note that an IP address must be considered as PII, see EU - What is personal data?.

List of Platform URLs

For the list of URLs used by the Cirrus Platform we kindly refer you to our Cirrus Platform URLs article in our developers portal

Cirrus End-Users

In this section we list Sub-Processors processing data for our end-users; users of the Cirrus Platform.

Core Sub-Processors

Sub-Processors that are core to the Cirrus Platform.

Sub-ProcessorPurposeCountry/LocationCompliance InfoStatus PageRemarks
Amazon AWSFacilitate Assessment Process - Hosting Customer DataEU: Ireland/Dublin (and Stockholm/Sweden), AU: Australia/Sydney, CA: Montreal/Canada, SG: Singapore/SingaporeAWS Compliance, Useful links: AWS ISO/IEC 27001, AWS ISO/IEC 27017, AWS ISO/IEC 27018, AWS SOC, AWS GDPR DPAAWS HealthThe most important sub processor as it hosts the Cirrus Platform including its Customer Data. NOTE: For your convenience we have added useful links to the AWS pages containing their ISO certificates (e.g. "AWS ISO/IEC 27001:2013 Certification"), SOC 3 report ("AWS SOC 3 Security, Availability & Confidentiality Report") and AWS GDPR DPA (Data Processing Agreement). EU Stockholm is a backup location for EU Premium.

Optional Sub-Processors

Customers (Data-Controllers), in particular Customer' System Adminstrators in Cirrus may enable optional Sub-Processors.

Sub-ProcessorPurposeCountry/LocationCompliance InfoStatus PageRemarks
Document360Facilitate Assessment Management - Provides Help Widget - Help Centre / Knowledge BaseGlobal, incl. India, see Azure global infrastructure plus Global CDNs (Stackpath (OpenJSF), JSDeliver, Google Fonts, CloudFlare (FontAwesome) locations)Document360 GDPR plus CDNs (OpenJSF, JSDeliver, Google Fonts, FontAwesome privacy policies)status.document360.comIP Address only - NOTE: Author/admin can activate this by clicking (?) or seeking help
ImgIXFacilitate Assessment Process - Process imagesAWS Region, USAPrivacy Policystatus.imgix.comIP Address only. NOTE: Author can upload images that need to be resized. All (image) data is stored in the AWS Region of the Cirrus Platform, see Amazon AWS above.
webspellchecker.netFacilitate Assessment Process - Provide Spell-checking service alternative for Browser build-inUS (Virginia)webspellchecker Compliance.status.webspellchecker.comNOTE: Author can enable this spell-checking for Essay questions.

Add-On Sub-Processors

Customers (Data-Controllers) may subscribe to use additional "Add-On" Sub-Processors.

Sub-ProcessorPurposeCountry/LocationCompliance InfoStatus PageRemarks
ProctorioFacilitate Exams - Remote proctoringUS: US, EU: EU, see Proctorio Privacy and AWS global infrastructure / Azure global infrastructureProctorio Compliance / Release Notesuptime.proctorio.comIf and only if contracted through Cirrus is Proctorio a Sub-Processor.

Sub-Contractors (Out-of-Scope)

If a Sub-Contractor does NOT process "Personal Data", better known as Personal Identifiable Information or PII, they are by definition not a "Data Processor" under the GDPR and not a Sub-Processor under our Data Privacy Agreement.

Sub-ContractorPurposeCountry/LocationCompliance InfoStatus PageRemarks
SowisoFacilitate Exams and Marking - Process Math answersNetherlandsInformation Security Policy / Privacy Policy / Release Notes?No PII. (No IP address in Server-to-Server)

Customer Sub-Contractors (Out-of-Scope)

If a Partner is contracted directly by the Customer they are not in scope of the Cirrus Data Protection Agreement.

PartnersPurposeCountry/LocationCompliance InfoStatus PageRemarks
EcobitFacilitate Marking - Scanning printed answers (Print & Scan)NetherlandsEcobit DPACandidate name and signature
ProctorioFacilitate Exams - Remote proctoringUS: US, EU: EU, see Proctorio Privacy and AWS global infrastructure / Azure global infrastructureProctorio Compliance / Release Notesuptime.proctorio.comIf contracted directly by Customer.
ProctorUFacilitate Exams - Remote proctoringProctorU C omplianceContracted directly by Customer.
ReadspeakerFacilitate Exams - Reading Cirrus/Exam texts out loudNetherlandsPrivacy Policy / Release Notes?IP address only
TurnItInFacilitate Marking - Plagarism DetectionUS, EU, APACTurnItIn Privacy and SecurityTurnItIn StatusContracted directly by Customer

Cirrus Service Management

For completeness we also include our Cirrus Service Management tooling used by Cirrus to collaborate with Customer's Super Users and other contacts.

Service Management Sub-Processors

Sub-ProcessorPurposeCountry/LocationCompliance InfoStatus PageRemarks
AirtableFacilitate Service Management - Store Service informationVirginia, US (AWS)Airtable Security Airtable PrivacyEmail and names of service contacts.
AtlassianFacilitate Service Management - Notify subscribers of Status Page updatesIreland/Dublin, Germany/Frankfurt, USA/N. CaliforniaAtlassian Compliance, Atlassian GDPRmetastatuspage.comOnly email of email notification subscribers.
AtlassianFacilitate Service Management - Customer Portal, report and track requestsIreland/Dublin, Germany/Frankfurt, USA/N. CaliforniaAtlassian Compliance, Atlassian GDPRjira-service-management.status.atlassian.comEmail and optionally name of request participants.
Document360See Document360 under Optional Sub-ProcessorsProvides Help Centre / Knowledge Base (and Help Widget)See Document360See Document360 under Optional Sub-ProcessorsSee Document360 under Optional Sub-Processors
Google WorkspaceFacilitate Service Management and Project Collaboration - Provide Mail, Document and VideoconferencingGlobal, see Google data center locationsGoogle Cloud Compliance EUWorkspace Dashboard
MailchimpFacilitate Service Management - Mail Service and Product update informationUSMailchimp GDPR & ComplianceOnly for recipients; Email and consent, optionally first name of newsletter recipients.
PipedriveFacilitate Service Management - Store Service and Product update informationUS and EU, see Rackspace Data CentresPipedrive Privacy & SecurityEmail and consent, optionally name of newsletter recipients.
SlackFacilitate Service Management and Project Collaboration - Provide Instant MessagingUnited States, Australia, Canada, France, Germany, India, Japan, South Korea, United Kingdom, See Slack SubprocessorsSlack Compliancestatus.slack.comOptional.
WeFactInvoicingEUWeFact VeiligheidInvoice contact name and email

Was this article helpful?

What's Next