Insites Technologies Ltd
sub-processor list
Purpose
Session
Analytics
Tracking and analytics cookies
Tracking and analytics cookies.
Geotargeting
Registration
Site Performance
We embed videos from our official YouTube channel using YouTube’s privacy-enhanced mode. This mode may set cookies on your computer once you click on the YouTube video player, but YouTube will not store personally-identifiable cookie information for playbacks of embedded videos using the privacy-enhanced mode.
Tracking and analytics cookies.
We use Hotjar to record the interactions you have with our site. This information is store anonymously, and is used to help us optimise the user journeys on our website.
EU
Amazon Web Services – EU
Basic contact information for the purpose of logging in (name, email address, job title, phone number) Server log data relating to the platform (IP address) Contractual information for the purpose of conducting business (billing contact details).
Subprocessors Used When Insites Acts as a Processor (Platform Data)
When you use Insites to audit or analyse your SMB customers, we act as a data processor. In this role, your SMB data stays entirely within our platform infrastructure and is not shared with any CRM, billing or marketing systems. The only subprocessor we use for this data is AWS, where our platform is securely hosted.
| Name | Data stored | Supplemental measures | Contact details | Data subject (s) | Mechanism of data transfer |
|---|---|---|---|---|---|
| Amazon Web Services - EU-WEST-1 | Business data (business name, phone number, email, address) | Encryption of data in transit and at rest AWS takes the following technical and contractual measures to protect data: https://dl.awstatic.com/legal/laws-gdpr/AWS_GDPR_DPA.pdf https://aws.amazon.com/blogs/security/aws-and-eu-data-transfers-strengthened-commitments-to-protect-customer-data/ | AWS Compliance contact us https://pages.awscloud.com/compliance-contact-us.html | Your SMB clients | N/A |
Subprocessors Used When Insites Acts as a Controller (Business Operations)
When you give us your own business information - such as your team’s contact details for onboarding, billing or support - we act as a data controller. The subprocessors listed below help us run our business operations. These tools are used only for our direct relationship with you and never receive any of your SMB customer data.
| Name | Data stored | Supplemental measures | Contact details | Data subject (s) | Mechanism of data transfer |
|---|---|---|---|---|---|
| Amazon Web Services - US | Basic contact information for the purpose of logging in (name, email address, job title, phone number) Server log data relating to the platform (IP address) Contractual information for the purpose of conducting business (billing contact details) | Encryption of data in transit and at rest AWS takes the following technical and contractual measures to protect data: https://dl.awstatic.com/legal/laws-gdpr/AWS_GDPR_DPA.pdf https://aws.amazon.com/blogs/security/aws-and-eu-data-transfers-strengthened-commitments-to-protect-customer-data/ | AWS Compliance contact us https://pages.awscloud.com/compliance-contact-us.html | You or your employees | N/A |
| Calendly | Basic contact details to book a meeting (name, email) | Encryption at rest and in transit. Calendly security whitepaper https://assets.ctfassets.net/eh05n0xjhplz/5kxnH6bMv83wbfyetuTRCi/592bcee2cdd5f908438361fb7ccb01ba/Calendly_securityWhitepaper_13JUL2020.pdf | support@calendly.com | You or your employees | SCC |
| CEPW OU | Customer contracts Names and email addresses of client employees (used in the process of setting up customer contracts, billing and fulfilling the service) | paul@eliaswood.com | You or your employees | Adequacy Decision | |
| Google Analytics | Partial IP address of website visitors, linked to browsing history while using our website | Activated IP address anonymisation option | You or your employees | SCC | |
| Google GSuite (Mail, Calendar, etc) | Emails, including email address, IP address, email contents Contracts and files sent by clients as email attachments Attendees, dates and times of appointments stored in Google Calendar | Encryption of data in transit and at rest for Google Cloud Platform and Google Workspace. External Encryption Key storage outside of Google‘s technical infrastructure. EU Data Protection Compliance: https://services.google.com/fh/files/misc/google_cloud_data_transfer_wp.pdf | 1-877-355-5787 Email support available through Workspace Admin Portal: admin.google.com | You or your employees | SCC |
| Hubspot | Email address, phone number, name, and job title of Insites clients | HubSpot encrypts data in transit and at rest, offers granular access controls and audit logs, and maintains SOC 2 Type II and ISO 27001 certifications. HubSpot’s EU Data Centre and Data Residency controls ensure EU-stored data unless products/features require US processing. https://legal.hubspot.com/security | privacy@hubspot.com | You or your employees | SCC |
| Intercom | Website visitor IP address Email address, IP address and geographic location of logged in user Other personal details that individuals choose to share as part of a support conversation with our team | Data encyrpted in transit & at rest https://www.intercom.com/legal/security-policy | https://www.intercom.com/help/en/ | You or your employees | SCC |
| Mixpanel | Website visitor IP address Email address of logged in user | They have supplementary measures with their sub-processors outside of the EEA. | dpo@mixpanel.com | You or your employees | N/A |
| Pandadocs | Email address, phone number, name, and job title of prospective clients | Encryption at rest and in transit, role-based access controls, SOC 2 Type II & GDPR–aligned controls. PandaDoc maintains DPF certification and SCCs for any non-EU processing. https://www.pandadoc.com/security/ | privacy@pandadoc.com | You or your employees | SCC |
| Rollbar | User details associated with error messages Name Email address IP address | https://docs.rollbar.com/docs/security https://docs.rollbar.com/docs/privacy-policy https://rollbar.com/knowledge-base/gdpr-rollbar/ SOC 2 Type II Compliant ISO 27001 Compliant 2FA Data encrypted at rest and in transfer Even though Privacy Shield is invalid, they still adhere to all practices. | privacy@rollbar.com | You or your employees | SCC |
| Slack | Details required to hold internal discussions about clients: Name Address Phone Job title | Encryption of data at rest and in transit. ISO 27000, AICPA TSP and NIST compliant. SOC 2 Type II and SOC 3 compliant https://slack.com/intl/en-de/blog/news/a-note-to-our-customers-on-international-data-transfers https://a.slack-edge.com/80588/marketing/downloads/security/Security_White_Paper_2019.pdf | privacy@slack.com | You or your employees | SCC |
| Stripe | Details required to take payments for clients paying via credit card subscription. Name Address Phone Payment details | Stripe encrpyts data at rest and data in transit. They no longer rely on Privacy Shield, however they still commit to the principles of this. They get requests for access to data from law enforcement, and review each request with the goal of responding with minimum amount of required information in response to legitimate legally mandated requests. https://stripe.com/privacy-center/legal https://stripe.com/guides/general-data-protection-regulation https://stripe.com/docs/security/stripe | privacy@stripe.com | You or your employees | SCC |
| Voipfone | Inbound telephone calls. Voice data - all received telephone calls and the contents discussed therein Call records - the phone number, time and date of calls made to us | They have supplementary measures with their sub-processors outside of the EEA. | info@voipfone.co.uk | info@voipfone.co.uk | Adequacy Decision |
| Xero | Billing contact details Name Email address Job title | https://www.xero.com/uk/campaigns/xero-and-gdpr/https://www.xero.com/us/about/legal/privacy/ https://www.xero.com/us/about/security/ SOC II Type II Complaint PCI DSS Compliant Data encryption at rest and in transit | https://central.xero.com/s/article/Privacy-at-Xero | You or your employees | SCC |
| Zapier | Name, email address, phone number | https://zapier.com/help/account/data-management/gdpr-compliance-at-zapier https://zapier.com/help/account/data-management/security-compliance-at-zapier SOC II Type II and SOC III Compliant All data is encrypted at rest and in transfer Threat detection & external penetration testing is conducted regularly Zapier bug bounty programme 2FA | privacy@zapier.com | You or your employees | SCC |
Explore Insites for your business
Book in a call with one of our team to see how
Insites can help you scale your sales team and processes.
