Hoppa till huvudinnehåll
List of Third Party Services
Uppdaterad för mer än en vecka sedan

Category of Personal Data
The personal data is processed for the following purposes, ways of processing, and time periods, in compliance with GDPR and other applicable laws.

1. Categories of Personal Data

Category

Purpose

Ways of Processing

Retention Period

Legal Basis

Identity Data

Name, email, and user ID are used to administer accounts, enable services, and personalize experiences.

1. Collection
2. Recording
3. Storage
4. Disclosure by transmission

Until the termination of the user account + 6 months

Performance of a contract to which the data subject is a party

Technical Data

Includes IP address, unique device ID, browser type, and operating system. Used for functionality, security, and analytics.

1. Collection
2. Recording
3. Storage
4. Disclosure by transmission

Until the termination of the user account + 6 months

Performance of a contract to which the data subject is a party

Communication Data

Emails and support interactions are used to handle inquiries and improve support services.

1. Collection
2. Recording
3. Storage

As long as relevant to business needs or until resolution of inquiries.

Legitimate interest

2. Sub-Processors and Data Flows

1. Auth0 (Authentication/Login)

  • Sub-Processing Location: Frankfurt, Germany (EU)

  • International Transfer: Not applicable, processing within the EU

  • Description: Provides authentication services for users logging into the platform. Manages secure user authentication and authorization.

  • Type of Personal Data: Email addresses, IP addresses

  • Categories of Data Subjects: Users who create accounts

  • Auth0 Privacy Policy: https://auth0.com/privacy

  • Compliance Certifications: ISO 27001, SOC 2 Type II

  • Key Sub-Processors: AWS (Cloud Infrastructure)

2. Google Cloud Platform (Cloud Hosting)

  • Sub-Processing Location: Hamina, Finland (EU)

  • International Transfer: Not applicable, processing within the EU

  • Description: Hosts primary data storage solutions, including databases and application data.

  • Type of Personal Data: Primary data store (detailed categories and attributes should be specified)

  • Categories of Data Subjects: Users who create accounts

  • Google Cloud Privacy Policy: https://policies.google.com/privacy

  • Compliance Certifications: ISO 27001, SOC 2 Type II, FedRAMP

  • Key Sub-Processors: Equinix (Data Center Operations)

3. ArangoDB (Database)

  • Sub-Processing Location: Netherlands (EU)

  • International Transfer: Not applicable, processing within the EU

  • Description: Manages databases for storing customer and user information, including emails, names, company details, IP addresses, and user IDs.

  • Type of Personal Data: Email, name, company, IP address, user ID

  • Categories of Data Subjects: Users who create accounts

  • Compliance Certifications: ISO 27001

  • Key Sub-Processors: Google Clous Platform (GCP)

4. Lundatech (Integrations)

  • Sub-Processing Location: Stockholm, Sweden (EU)

  • International Transfer: Not applicable, processing within the EU

  • Description: Handles API-based integrations with external systems, such as exporting deadlines to calendars, pushing data to BI platforms, and supporting SSO integrations.

  • Type of Personal Data: Name, email, technical data

  • Categories of Data Subjects: Users who use integration services

5. Google Analytics (Public Webpage Analytics)

  • Sub-Processing Location: Hamina, Finland (EU)

  • International Transfer: Not applicable, processing within the EU

  • Description: Collects and analyzes public website traffic to improve service offerings.

  • Type of Personal Data: IP addresses

  • Categories of Data Subjects: Website visitors

  • Compliance Certifications: ISO 27001, SOC 2 Type II, FedRAMP

6. Sendgrid (Email Notifications)

  • Sub-Processing Location: USA

  • International Transfer: Standard Contractual Clauses (SCCs). Sendgrid participates in and relies on the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

  • Description: Sends email notifications and password reset emails, with a 3-day data retention policy.

  • Type of Personal Data: Email

  • Categories of Data Subjects: Users who create accounts

  • Compliance Certifications: ISO 27001, SOC 2 Type II

  • Key Sub-Processors: Twillo

7. Sentry (Error Tracking)

  • Sub-Processing Location: USA (Exploring EU options)

  • International Transfer: Standard Contractual Clauses (SCCs).

  • Description: Tracks and reports system errors to improve system reliability.

  • Type of Personal Data: IP addresses

  • Categories of Data Subjects: Users who encounter platform errors

  • Comment: Howwe is actively evaluating Sentry's EU-based data processing capabilities.

  • Compliance Certifications: SOC 2 Type II

  • Key Sub-Processors: AWS (Cloud Infrastructure)

8. WPEngine (Public Webpage Hosting)

  • Sub-Processing Location: Germany (EU)

  • International Transfer: Not applicable, processing within the EU

  • Description: Hosts the public-facing website, including marketing and lead generation information.

  • Type of Personal Data: IP addresses, leads information

  • Categories of Data Subjects: Website visitors, potential customers (leads)

  • Compliance Certifications: ISO 27001, SOC 2 Type II

3. Data Retention and Disposal

  • Personal data is retained for the duration specified in this document. Upon expiration, data is securely deleted or anonymized to prevent identification.

  • Backup data is retained for up to 90 days and is automatically purged after the retention period.

4. Data Minimization

  • Howwe Technologies strives to minimize the personal data shared with third-party service providers to the extent strictly necessary for the provision of services or the fulfillment of contractual obligations.

5. Questions and Feedback

If you have questions about this document, or if you wish to raise concerns about any sub-processor, please contact us at:

Fick du svar på din fråga?