Subprocessors

A sub-processor is a third-party engaged by HashiCorp who processes Personal Data of HashiCorp customers in order to deliver and support our Products or Services. HashiCorp engages different types of sub-processors to perform various functions, as explained in the tables below.

Due Diligence

HashiCorp undertakes to use a commercially reasonable selection process by which it evaluates the security, privacy and confidentiality practices of proposed sub-processors that will or may have access to or otherwise process Personal Data.

Contractual Safeguards

HashiCorp requires its sub-processors to satisfy equivalent obligations as those that apply legally or contractually to HashiCorp (as a Data Processor), all as set forth in HashiCorp’s Data Processing Agreement (“DPA”), including but not limited to the following requirements to:

  • Process Personal Data in accordance with data controller’s (i.e. the customer’s) documented instructions (as communicated in writing to the relevant sub-processor by HashiCorp);
  • In connection with their sub-processing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, pursuant to applicable data protection laws;
  • Require a duty of confidentiality of personnel to whom they grant access to Personal Data;
  • Implement and maintain appropriate technical and organizational measures and provide an annual certification that evidences compliance with this obligation. In the absence of such certification, HashiCorp reserves the right to audit the sub-processor;
  • Comply with Standard Contractual Clauses with respect to personal data transfers;
  • Not engage in the sale of customer’s personal data;
  • Promptly inform HashiCorp about any actual or potential security breach in accordance with applicable data privacy laws; and
  • Cooperate with HashiCorp in order to deal with requests from data controllers, data subjects or data protection authorities, as applicable.

Process to engage new subprocessors

HashiCorp will provide a notice of updates to this list of sub-processors that are utilized to deliver its Services. HashiCorp undertakes to keep this list updated regularly to enable its customers to stay informed of the scope of sub-processing associated with HashiCorp.

Subprocessors

For information on where HashiCorp production systems and support teams are located, please see hashicorp.com/tia

The following table describes the countries and legal entities engaged by HashiCorp in the storage or processing of Personal Data.

Entity Name Nature of processing Entity Country Product(s) in scope
AWS Cloud Service Provider HashiCorp maintains operations through AWS within the United States. TFC
HashiCorp maintains operations through AWS, with various regions supported at your choosing. HCP
Auth0 Authentication Provider Auth0 data is hosted in the United States. HCP
Microsoft Azure Cloud Service Provider HashiCorp maintains operations through Azure, and allows customers to provision their own consul clusters. HCS

HCP

Backupify Backup for Google Suite Backupify data is hosted in the United States. All Products
Datadog Log and event aggregator Datadog data is hosted in the United States. TFC

HCP

Fastly Content delivery network, Internet security services, load balancing, and video and streaming services Fastly data is hosted in the United States. TFC
Forethought Customer support and ticket routing Forethought data is hosted in the United States. All Products
Gainsight Customer success and support Gainsight data is hosted in the United States. All Products
Google Email service provider Google email services are hosted in the United States. All Products
Heap Analytics for product usage and user behavior Heap data is hosted in the United States. TFC

HCP

LaunchDarkly Feature flagging LaunchDarkly data is hosted in the United States. HCP
Looker Analytics for product usage behavior Looker data is hosted in the United States. TFC

HCP

Marketo Customer and sales leads management Marketo data is hosted in the United States All Products
Netsuite Billing and accounting Netsuite data is hosted in the United States. All Products
Replicated Installation and packaging Replicated data is hosted in the United States. Terraform Enterprise
Salesforce Customer relationship management Salesforce data is hosted in the United States. All Products
Segment Customer data collection platform Segment data is hosted in the United States. TFC

HCP

Sentry Error monitoring Sentry data is hosted in the United States. TFC

HCP

Slack Customer support Slack data is hosted in the United States. All Products
Snowflake Data warehouse Snowflake data is hosted within the United States. All Products
Stripe Payment processing Stripe data is hosted in the United States. TFC

HCP

SumoLogic Logging and monitoring SumoLogic data is hosted in the United States. TFC

HCP

Twilio Messaging service for multi factor authentication Twilio data is hosted in the United States. TFC

HCP

Workato Professional services for data warehouse Workato data is hosted in the United States. All Products
Zendesk Customer support Zendesk data is hosted in the United States. All Products
Zoom Customer support Zoom data is hosted in the United States. All Products
HashiCorp Federal, Inc. Use Only
DLT Solutions Customer support for HashiCorp Federal, Inc. Data is hosted in the United States. Any products for which the customer purchases dedicated DLT support.

HashiCorp engages various HashiCorp wholly-owned subsidiaries to perform limited internal activities in connection with delivering our products and services, and those subsidiaries may qualify as Subprocessors. HashiCorp, Inc. and its subsidiaries are parties to an intra-group data transfer agreement. For any questions regarding these subsidiaries, please reach out to privacy@hashicorp.com.