To provide our services, Connect The Dots engages a small number of trusted third-party sub-processors. This article explains how we vet those vendors and lists each sub-processor, the categories of data they process, the purpose of that processing, and where they are located.
Third-party vendor management
Connect The Dots uses third-party vendors to provide services. Prior to working with a vendor, a risk-based assessment is carried out to ensure they meet Connect The Dots' security requirements. Connect The Dots periodically reviews each vendor in light of our security and business continuity standards, type of access and classification of data being accessed (if any), controls necessary to protect data, and legal/regulatory requirements. Connect The Dots ensures that customer data is returned and/or deleted at the end of a vendor relationship.
In order to protect customers' personal data, Connect The Dots enters into written agreements with its vendors to specifically outline necessary confidentiality, privacy, and security obligations that must be observed.
Sub-processor list
The following third-party sub-processors are currently engaged to process personal data as part of delivering the CTD services.
| Sub-processor | Types of data transferred | Purpose of data transfer | Location |
|---|---|---|---|
| Google Cloud | Personal data contained in communications customers send or receive through CTD's services. | Provision of communication products and services, including transmission to or from customer software applications from or to the publicly-switched network (PSTN) or other specified origination and termination points. Storage. | USA |
| Segment | First name + Last name + email addresses + account activity (actions taken on the ctd.ai app) | User behavior and metrics about our product usage. | USA |
| Customer.io | First name + Last name + email addresses + account activity (actions taken on the ctd.ai app) | Email communication with users and internal Slack notifications of the user activity. | USA |
| FullStory | First name + Last name + email addresses + account activity (actions taken on the ctd.ai app) | User behavior analytics/screen replay. | USA |
| Mixpanel | First name + Last name + email addresses + account activity (actions taken on the ctd.ai app) | User behavior and metrics about our product usage. | USA |
| Mixrank | Company and People Data | Getting Company and People Data | USA |
| EnrichLayer | Company and People Data | Getting Company and People Data | USA |
| DataForSeo | Company and People Data | Getting Google SERP Results | USA |
| Scrapin | Company and People Data | Getting Real-Time Company and People Data | France, Paris |
| Zenserp | Company and People Data | Getting Google SERP Results | Austria, Vienna |
| Stripe | Name, email, payment information (card details, billing address) | Payment processing and subscription management | USA |
| OpenAI | User-provided content and prompts | AI-powered features and data processing | USA |
We may update this list from time to time as our services evolve. This list is referenced by our Master Subscription Agreement and Data Processing Addendum. Questions? Email security@ctd.ai.