GDPR subprocessors

Bright utilizes the following sub-processors in its delivery of its services


GitHub

https://github.com/

Code hosting platform for version control and collaboration.

Data handled: Source Code, Issues, CI tools
Location for processing: Global, US.


Sentry

https://sentry.io/

Software provider (SaaS) providing logging for errors occurring in our application for troubleshooting & quality improvements.

Data handled: IP-address, basic user agent details
Location of processing: US. Processing is covered by DPA including Model/Standard Contractual Clauses (SCC)


Amazon Web Services Europe

https://aws.amazon.com

Provisioning and operations of server and infrastructure services (PaaS) 

Data handled: All data handled in the service
Location of processing: EU/EEA (Frankfurt data centers). Processing is covered
by DPA including Model/Standard Contractual Clauses (SCC).


Heroku

https://www.heroku.com/

Platform as a service (PaaS) that enables developers to build, run, and operate applications entirely in the cloud.

Data handled: Database, Data traffic
Location for processing: Ireland AWS (eu-west-1)


CityNetwork / Cleura

https://cleura.com/

Swedish provider of IT infrastructure services.

Data handled: Database, Data traffic
Location for processing: Sweden


MongoDB

https://www.mongodb.com/cloud

Unified data platform for modern applications and includes a global cloud database, search, data lake, mobile, and application services.

Data handled: Database, Data traffic
Location for processing: Ireland AWS (eu-west-1)


Expo

https://expo.dev/

Open-source platform for making universal native apps.

Data handled: Source Code
Location for processing: US


Google Analytics

https://analytics.google.com/analytics/

Traffic analytics and Maps.

Data handled: Ip-adress & app activity
Location of processing: Worldwide (distributed in EU/EEA and USA)


Amplitude

https://amplitude.com/

Traffic analytics.

Data handled: Ip-adress & app activity
Location for processing: A part of Amazon Web Services, EU/EEA (Frankfurt data centers). Processing is covered by DPA including Model/Standard Contractual Clauses (SCC).


Planhat

https://www.planhat.com/

CSM-tool

Data handled: Company information, user data and account activity data.
Location for processing:  Belgium and the Netherlands


Logz.io

https://logz.io/

A cloud observability platform for application logs.

Data handled: All data handled in the service
Location for processing: Ireland AWS (eu-west-1)


Mailgun

https://www.mailgun.com/

Marketing & email-tool.

Data handled: Email and email activity.
Location for processing: US / EU


Mailchimp

https://mailchimp.com/

Marketing & email-tool to our b2b customers.

Data handled: Names, emails and email activity.
Location for processing: US