List of Data Subprocessors
List of Data Subprocessors
In order to support the delivery of Fyr (“Fyr”, “our”, “we”) services, we may transfer personal data to our designated sub-processors. We use such sub-processors for hosting and storage purposes, communications tools, customer support, and otherwise to enable functionality within our services.
Below is the list of our sub-processors with which we engage and with whom we may share personal data.
Last updated: 04 September, 2024
| Name of subprocessor | Description of processing purpose and processor | Categories of Personal Data | Location of Processing |
|---|---|---|---|
| DigitalOcean | Hosting Services (Cloud computing and storage services). DigitalOcean supports the GDPR and all DigitalOcean services comply with its provisions: https://www.digitalocean.com/legal/gdpr DigitalOcean AMS3 is AICPA SOC 2 Type II compliant and ISO/IEC 27001:2013 certified. DigitalOcean certification reports: https://www.digitalocean.com/trust/certification-reports. DigitalOcean DPA: https://www.digitalocean.com/legal/data-processing-agreement | User data (Personal data contained in user account information) and text or files created by customer. | AMS3 (Amsterdam, EU) |
| Functional Software Inc. (Sentry) | Application monitoring and error management. Sentry is ISO 27001:2013 certified and SOC 2 TYPE II compliant. Sentry DPA: https://sentry.io/legal/dpa/ | User data (Personal data contained in user account information) and text or files created by customer. | Frankfurt, Germany, EU |
| Mailgun | Communications technology provider for product notifications. Mailgun is ISO27001 and ISO27701 certified, and SOC2 Type I and SOC2 Type II compliant. Mailgun also meets the HIPPA standards. Mailgun DPA: https://www.mailgun.com/legal/dpa/ | Contact information such as name, email, business address, role and phone number. | EU |
| Hotjar | Analysis of product usage to improve user experience. Hotjar has undertaken the required business and technology steps to operate in a manner compliant with GDPR: https://help.hotjar.com/hc/en-us/articles/360045447214-Compliance-at-Hotjar#section_1 Hotjar uses AWS servers for cloud computing, which are both SOC2 compliant and ISO27001 certified: https://help.hotjar.com/hc/en-us/articles/115011639887-Data-Safety-Privacy-Security Hotjar DPA: https://www.hotjar.com/legal/support/dpa/ | User data (Personal data contained in user account information) and text or files created by customer. | Ireland, EU |
| Google LLC (Google Analytics) | Behavioral analytics, assigns web site visitors unique IDs and tracks details like clicks, pages visited, bounces and other usage data. | User ID, Cookies and user behaviour. | EU |
| OpenAI | Generative AI services provider for intelligence product features. OpenAI is SOC 2 Type II compliant and ISO 27001 certified. OpenAI DPA: https://openai.com/policies/data-processing-addendum/ OpenAI may transfer data to other jurisdictions, if they do they use EU SCCs or an adequacy decision issued by the European Commision under Article 45 GDPR (OpenAI Data Processing Addendum 7.a) | By default; none. It's optional for Fyr users to share data. Data in question is contained in information added manually by the Fyr user. Fyr users is informed and must consent before using OpenAI specific features. | Ireland / USA |
| Mailchimp (The Rocket Science Group LLC d/b/a // Intuit) | Communications technology provider for product notifications, newsletters and other types of email communication. Mailchimp DPA: https://mailchimp.com/legal/data-processing-addendum/ Mailchimp is ISO 27001 certified and SOC2 compliant: https://mailchimp.com/about/security/ Mailchimp (as part of Intuit // The Rocket Science Group LLC d/b/a) is an active participant in the Data Privacy Framework Program. | Contact information such as name, email, business address, role and phone number. | USA |
| Salesforce Inc. (Slack) | Facilitate Service Management and Project Collaboration - Provide Instant Messaging for both external and internal communication. Slack’s GDPR commitment: https://slack.com/intl/en-gb/trust/compliance/gdpr Slack is ISO 27001, 27017, 27018, 27701 certified and SOC 2 Type II and SOC 3 compliant: https://slack.com/intl/en-gb/trust/security Salesforce DPA: https://slack.com/intl/en-gb/terms-of-service/data-processing Salesforce (including Slack) is an active participant in the Data Privacy Framework Program. | Email and (optional) Name. | USA |
| Pipedrive Inc. (Pipedrive) | Sales Pipeline Management. Pipedrive adheres to both SOC 2 and SOC 3, and is ISO27001 certified. Pipedrive is commited to meet the GDPR requirements: https://support.pipedrive.com/en/article/pipedrive-and-gdpr Pipedrive inc is an active participant in the Data Privacy Framework Program. | Contact information such as name, email, business address, role and phone number. | EU |
| Pandadoc | Sales Processing document automation software as a service with built-in electronic signatures, workflow management, a document builder, and CPQ functionality. Pandadoc is SOC Type 2 certified. Pandadoc, Inc. is an active participant in the Data Privacy Framework Program. | Contact information such as name, email, business address, role and phone number. | USA |
| PowerOffice | Accounting system software. Poweroffice “Personsvernerklæring” (Norwegian only): https://www.poweroffice.no/personvernerklaering Poweroffice is GDPR compliant (Norwegian only): https://www.poweroffice.no/personvern | Financial information such as invoice, order, account number, name, email, business address and phone number. | EU |
| Microsoft 365 (inc. Microsoft Teams) | Email and collaboration services. Microsoft adheres to SOC 2, and is ISO27001 certified. | Contact information such as name, email, business address, role and phone number. | EU |
| Google LLC (Google Workspace) | Internal file storage, spreadsheets and collaboration services (Meet and Docs). Google Workspace is compliant with ISO 27001, SOC 2 and SOC 3 | Contact information such as name, email, business address, role and phone number. | EU |