Sub-processor Repository

What is a sub-processor?

A sub-processor is a third-party data processor engaged by Mindtickle to carry out personal data processing activities as required to provide services to customers per the terms of service, agreement, and the DPA.

List of sub-processors

The table below indicates the current list of sub-processors authorized to process customer personal data on the Mindtickle platform and related services.

Legal entity name Service applicability Nature and purpose of processing Data location Personal data processed Registered address Status
MindTickle Interactive Media Private Limited1 All services Product development and customer support India Mandatory – Name, Email ID
Optional – Photograph, Audio Recording, Video Recording		 4th Floor, Solitaire World, Baner, Pune, Maharashtra 411045, India Active
Amazon Web Services, Inc. Platform, Asset Hub, Call AI, RevOps, DSR Secure cloud infrastructure and storage for the Mindtickle platform United States, Ireland, Singapore, and Japan based on the customer’s choice Mandatory – Name, Email ID
Optional – Photograph, Audio Recording, Video Recording		 410 Terry Avenue North, Seattle, WA 98109-5210, United States Active
Google LLC and affiliates All services Communication with customers’ users and transcription United States or Ireland based on the customer’s choice Mandatory – Name, Email ID
Optional – Audio Recording		 1600 Amphitheatre Parkway Mountain View, CA 94043, United States Active
Microsoft Corporation All services Microsoft 365, Microsoft Power Platform and Azure Cognitive Services United States for US data residency customers.

Netherlands and Japan for rest of the customers.		 Optional - Personal information part of call transcript, learning content, sales assets and analytics 1 Microsoft Way, Redmond, Washington, 98052, United States Active
Box, Inc. Platform Media processing and transformation Unites States Name, Email ID 900 Jefferson Avenue, Redwood City, CA 94063, United States Active
Filestack, Inc. Platform, Asset Hub Media processing and transformation Unites States Name, Email ID IDERA Headquarters 10801 N Mopac Expressway Building 1, Suite 100 Austin, TX, 78759, United States Active
Snowflake, Inc. Platform, Asset Hub, Call AI Data analytics and insights United States or Singapore based on the customer’s choice Name, Email ID Suite 3A, 106 East Babcock Street, Bozeman, Montana 59715, United States Active
Nylas, Inc. Asset Hub Email accounts integration and message delivery United States or Ireland based on the customer’s choice Email ID 944 Market St, San Francisco, CA 94102, United States Active
Workato, Inc. Platform, Asset Hub, Call AI, RevOps, DSR Integration platform between customers’ third-party applications and Mindtickle United States Email ID 215 Castro Street, Suite 300, Mountain View, California 94041, United States Active
Sumo Logic, Inc. Platform, Asset Hub, Call AI, RevOps, DSR Log monitoring and analytics United States Name, Email ID 305 Main Street Redwood City, CA 94063, United States Active
Mixpanel, Inc. Platform, Asset Hub, Call AI, RevOps, DSR Platform event monitoring and analytics United States Name, Email ID One Front Street, 28th Floor, San Francisco, CA 94111, United States Active
Fullstory, Inc. Platform, Asset Hub, Call AI, RevOps, DSR Analytics of user sessions on MindTickle United States Mandatory – Name, Email ID
Optional – Photograph		 1745 Peachtree Street NE, Suite G, Atlanta, GA 30309, United States Active
Zipy, Inc. Platform, Asset Hub, Call AI, RevOps, DSR User session analytics and debugging United States Mandatory – Name, Email ID
Optional – Photograph		 1010, Silliman Street, San Francisco, CA 94134, United States Active
Atlassian Pty Ltd. Platform, Asset Hub, Call AI, RevOps, DSR Production issues/incidents tracking and communication United States Mandatory – Name, Email ID
Optional – Support Call Audio Recording, Support Call Video Recording		 Level 6, 341 George St, Sydney NSW 2000, Australia Active
Freshworks, Inc. Platform, Asset Hub, Call AI, RevOps, DSR Managing tickets for customer support United States Mandatory – Name, Email ID
Optional – Support Call Audio Recording, Support Call Video Recording		 2950 S. Delaware Street, Suite 201, San Mateo, CA 94403, United States Active
Marketo, Inc. All services Communication management with customers’ users and administrators United States Name, Email ID 901 Mariners Island Blvd Suite 200, San Mateo, CA, 94404, United States Active
Qualtrics, LLC All services Product feedback and surveys United States Name, Email ID 333 W. River Park Dr. Provo, UT 84604, United States Active
Gainsight, Inc. All services Customer Success management platform United States Name, Email ID 350 Bay Street, Suite 100, San Francisco, CA 94133, United States Active
Salesforce.com, Inc. All services Customer account and relationship management United States Name, Email ID 415 Mission Street, 3rd Floor, San Francisco, CA 94105, United States Active
Articulate Global, LLC CaaS Content creation and collaboration United States Name, Email ID 244 5th Avenue, Suite 2960, New York, NY 10001, United States Active
Filestage GmbH CaaS Content creation and collaboration Germany Name, Email ID Filestage GmbH, Lautenschlagerstraße 16, 70173, Stuttgart, Germany Active
BoostUp.ai (Also known as Vocalo, Inc.) RevOps Provides sales forecasting and pipeline analysis United States or Ireland based on the customer’s choice Mandatory – Name, Email ID, Address, Phone Number, Calendar Information
Optional – Audio Call Recording, Audio Call Transcript		 2040 Martin Ave, Santa Clara, California 95050, United States Active
OpenAI L.L.C. and affiliates Platform, Call AI Machine learning models for insights and workflows

• Public ChatGPT not used or contributed to.
• Customer data not used for training OpenAI models.
• Customers control the AI-features to use.		 United States Optional – Name, personal information part of call transcript, learning content, and sales assets 3180 18th Street, San Francisco, California 94110, United States Active
Whatfix, Inc. Platform, Asset Hub, Call AI, RevOps, DSR Platform navigation training and walkthrough United States Name, Email ID 2107 N. 1st Street, Suite 450, San Jose, California 95131, United States Active

1 For Customers, where MindTickle Interactive Media Private Limited is a party to the Agreement, this entity is a processor, not a sub-processor.

Note: The duration of processing by these sub-processors will be as per the terms of the Agreement signed with the Customers. Subject to specific approval of corresponding customers, we may use additional sub-processors for processing personal data controlled by the said customer.

Additional information about definitions used in the service applicability

  • “Platform” includes Course, Quick Update, Checklist, Instructor-Led Training, Assessment, Missions (Virtual Role-Play), Coaching Session & Competency Assessment (Field Coaching), Spaced Reinforcement
  • Conversational Intelligence (Call AI)
  • Revenue Operations & Intelligence (RevOps)
  • Digital Sales Rooms (DSR)
  • Content as a Service (CaaS)

Contractual controls

Mindtickle signs data processing agreements and standard contractual clauses with all of its sub-processors and imposes data protection obligations for protecting customer personal data with similar security standards as committed by Mindtickle to the customers. These data processing agreements are aligned with the global data protection laws such as GDPR, CCPA, CPRA, UK DPA, etc.

We include the following controls in the agreements to ensure the protection of customer personal data –

  • Right to audit – to allow an audit of the procedures relevant to customer personal data protection.
  • Data deletion – to delete personal data to fulfill data subject or customer requests or upon contract termination
  • Confidentiality agreements – to ensure employees and contractors with access to customer personal data have understood the confidential nature of the information and have signed confidentiality agreements
  • Training – to educate the employees on security and privacy practices to be followed while handling customer personal data
  • Incidents and breaches – to identify the root cause and impact, remediate the incident, and inform Mindtickle of impacted customer personal data relevant to the incident or breach
  • Security measures – to mandate technical and organizational security measures through vendor security policy or similar controls required by data protection laws and customer agreements
  • Fourth party risk – to impose the same standards of processing and security controls under applicable data protection laws to sub-processors of Mindtickle sub-processors

Onboarding and annual due diligence

In accordance with our supplier security policy, Mindtickle performs mandatory due diligence of all sub-processors through information security, privacy, and legal reviews. Sub-processor due diligence is performed during onboarding and once annually and includes a review of the following –

  • SOC 2 Type 2, ISO 27001, NIST, or similar industry-standard security reports
  • Compliance with applicable data protection laws and regulations
  • Vulnerability assessment and penetration testing reports
  • Information security and privacy policy documents
  • Privacy notice
  • Service level agreements, including uptime commitments, RTO, and RPO
  • Business continuity plans and disaster recovery reports
  • Supplier due diligence questionnaire

Only the carefully selected suppliers that are approved by security, privacy, and legal teams in the due diligence process are authorized as sub-processors and granted access to customer personal data.

Data sharing and responsibility

Mindtickle engages sub-processors to process personal data only in accordance with the customer agreement and documented instructions through the following –

  • Onward data transfer – includes using relevant transfer mechanisms for the transfer of personal data in accordance with the applicable data protection laws.
  • Data minimization – sharing only the minimum required personal data that is absolutely necessary to provide services to our customers.
  • RoPA – to maintain a detailed record of processing activities, including types, attributes, purposes, and safeguards of personal data shared with our sub-processors, which is reviewed quarterly.
  • Risk ownership – Mindtickle takes full responsibility for the security and privacy of the customer data transferred to its sub-processors and will remain liable for any breach of customer personal data caused by any of its sub-processors.

Changes to sub-processors

Mindtickle provides at least 30 days prior notice to our subscribed customers before authorizing any new sub-processors to process customer personal data and provides customers with a window to object to such appointments. Customers can use below subscription form to receive sub-processor change communication.

Subscribe to receive sub-processor change communication

More on security, privacy, and compliance

Security

Trust

Security Policy

Vendor Security

Transparency

Disclosure

Privacy

Privacy Policy

GDPR

DPF

CCPA

APEC PRP

Sub-processors

Platform

Platform Status

Uptime

Integrations

Browser Support

Accessibility

Terms

Terms of Service

DPA

SLA

Insurance

Acceptable Use

This page is Amazing

Get free access to the best sales-readiness content.

© 2023 Mindtickle Inc. All rights reserved.