A sub-processor is a third-party engaged by HashiCorp who processes Personal Data of HashiCorp customers in order to deliver and support our Products or Services. HashiCorp engages different types of sub-processors to perform various functions, as explained in the tables below.
HashiCorp undertakes to use a commercially reasonable selection process by which it evaluates the security, privacy and confidentiality practices of proposed sub-processors that will or may have access to or otherwise process Personal Data.
HashiCorp requires its sub-processors to satisfy equivalent obligations as those that apply legally or contractually to HashiCorp (as a Data Processor), all as set forth in HashiCorp’s Data Processing Agreement (“DPA”), including but not limited to the following requirements to:
- Process Personal Data in accordance with data controller’s (i.e. the customer’s) documented instructions (as communicated in writing to the relevant sub-processor by HashiCorp);
- In connection with their sub-processing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, pursuant to applicable data protection laws;
- Require a duty of confidentiality of personnel to whom they grant access to Personal Data;
- Implement and maintain appropriate technical and organizational measures and provide an annual certification that evidences compliance with this obligation. In the absence of such certification, HashiCorp reserves the right to audit the sub-processor;
- Comply with Standard Contractual Clauses with respect to personal data transfers;
- Not engage in the sale of customer’s personal data;
- Promptly inform HashiCorp about any actual or potential security breach in accordance with applicable data privacy laws; and
- Cooperate with HashiCorp in order to deal with requests from data controllers, data subjects or data protection authorities, as applicable.
Process to engage new subprocessors
HashiCorp will provide a notice of updates to this list of sub-processors that are utilized to deliver its Services. HashiCorp undertakes to keep this list updated regularly to enable its customers to stay informed of the scope of sub-processing associated with HashiCorp.
For information on where HashiCorp production systems and support teams are located, please see hashicorp.com/tia
The following table describes the countries and legal entities engaged by HashiCorp in the storage or processing of Personal Data.
|Entity Name||Nature of processing||Entity Country||Product(s) in scope|
|AWS||Cloud Service Provider||HashiCorp maintains operations through AWS within the United States.||TFC|
|HashiCorp maintains operations through AWS, with various regions supported at your choosing.||HCP|
|Auth0||Authentication Provider||Auth0 data is hosted in the United States.||HCP|
|Microsoft Azure||Cloud Service Provider||HashiCorp maintains operations through Azure, and allows customers to provision their own consul clusters.||HCS
|Backupify||Backup for Google Suite||Backupify data is hosted in the United States.||All Products|
|Datadog||Log and event aggregator||Datadog data is hosted in the United States.||TFC
|Fastly||Content delivery network, Internet security services, load balancing, and video and streaming services||Fastly data is hosted in the United States.||TFC|
|Forethought||Customer support and ticket routing||Forethought data is hosted in the United States.||All Products|
|Gainsight||Customer success and support||Gainsight data is hosted in the United States.||All Products|
|Email service provider||Google email services are hosted in the United States.||All Products|
|Heap||Analytics for product usage and user behavior||Heap data is hosted in the United States.||TFC
|LaunchDarkly||Feature flagging||LaunchDarkly data is hosted in the United States.||HCP|
|Looker||Analytics for product usage behavior||Looker data is hosted in the United States.||TFC
|Marketo||Customer and sales leads management||Marketo data is hosted in the United States||All Products|
|Netsuite||Billing and accounting||Netsuite data is hosted in the United States.||All Products|
|Replicated||Installation and packaging||Replicated data is hosted in the United States.||Terraform Enterprise|
|Salesforce||Customer relationship management||Salesforce data is hosted in the United States.||All Products|
|Segment||Customer data collection platform||Segment data is hosted in the United States.||TFC
|Sentry||Error monitoring||Sentry data is hosted in the United States.||TFC
|Slack||Customer support||Slack data is hosted in the United States.||All Products|
|Snowflake||Data warehouse||Snowflake data is hosted within the United States.||All Products|
|Stripe||Payment processing||Stripe data is hosted in the United States.||TFC
|SumoLogic||Logging and monitoring||SumoLogic data is hosted in the United States.||TFC
|Twilio||Messaging service for multi factor authentication||Twilio data is hosted in the United States.||TFC
|Workato||Professional services for data warehouse||Workato data is hosted in the United States.||All Products|
|Zendesk||Customer support||Zendesk data is hosted in the United States.||All Products|
|Zoom||Customer support||Zoom data is hosted in the United States.||All Products|
|HashiCorp Federal, Inc. Use Only|
|DLT Solutions||Customer support for HashiCorp Federal, Inc.||Data is hosted in the United States.||Any products for which the customer purchases dedicated DLT support.|
HashiCorp engages various HashiCorp wholly-owned subsidiaries to perform limited internal activities in connection with delivering our products and services, and those subsidiaries may qualify as Subprocessors. HashiCorp, Inc. and its subsidiaries are parties to an intra-group data transfer agreement. For any questions regarding these subsidiaries, please reach out to email@example.com.