Security and Compliance

Your stuff is in the right hands. Find all about our security and compliance policies here.

Compliance

Sub-processors

Below is a list of sub-processors (as defined by General Data Protection Regulation) used by CreateShift to deliver ProdPad. These sub-processors are described in the table below. 

 

Sub-processor

HQ Location

Privacy Controls

Data Location

Amazon Web Services, Inc

US

Privacy Shield, Data Processing Addendum, Standard Contract Clauses

EU

Zendesk, Inc

US

Privacy Shield, Data Processing Addendum

US

The Rocket Science Group, LLC d/b/a MailChimp

US

Privacy Shield, Data Processing Addendum

US

Segment.io, Inc.

US

Privacy Shield, Data Processing Addendum

US

Fullstory, Inc

US

Privacy Shield, Data Processing Addendum

US

Recurly, Inc

US

Privacy Shield, Data Processing Addendum

US

Stripe, Inc

US

Privacy Shield, Data Processing Addendum

US

 

PCI

Billing and subscriptions are managed using Recurly, Inc and Stripe, Inc. Both services are PCI-DSS compliant to level 1. ProdPad has basic PCI compliance and does not store or receive credit card data. 

GDPR

CreateShift the company and ProdPad the application are GDPR compliant. To help our customers become and remain GDPR compliant, we have a Data Processing Addendum and various other product features for you. This can be obtained by contacting security@prodpad.com.

Comments