Khoros Atlas Logo

Khoros Data Location and Subprocessor Guide

Khoros Data Location and Subprocessor Guide

Khoros processes and stores its U.S., Canadian, and Asia/Pacific customers’ data primarily in the United States, and its European/ Middle Easter customers’ data primarily in the EU/ EEA, with some exceptions noted below.  

Customer Region

Khoros Application

Primary Storage

Back Up Storage

US/ Canada/Asia/Pacific

Khoros Community

US (Equinix in transition moving to AWS in 2018)

US (AWS)

US/ Canada/Asia/Pacific

Khoros Care

US (AWS)

US (AWS)

US/ Canada/Asia/Pacific

Khoros Marketing

US (AWS)

US (AWS)

US

Khoros JX Community, formerly known as Jive-X

US (Jive)

US (Jive)

EU/ EEA/ Middle East

Khoros Community

The Netherlands (Equinix in transition moving to Ireland, AWS in 2018)

Ireland (AWS)

EU/ EEA/ Middle East

Khoros Care

Ireland (AWS)

Ireland (AWS)

EU/ EEA/ Middle East

Khoros Marketing

US (AWS)

US (AWS)

EU

Khoros JX Community, formerly known as Jive-X

The Netherlands (Jive)

England (Jive)

 

Effective October 2, 2018, Lithium and Spredfast closed their merger transaction and the merged company is now rebranded to Khoros.  New listings related to Spredfast-legacy products have been added as Khoros Marketing products, as appropriate.

Effective October 3, 2017, Lithium acquired the Jive-x external community platform from Jive Software, an Aurea company. As a result Lithium entered into a transition services agreement with Jive that will allow Jive, functioning as a subprocessor, to continue to provide Jive-x services for 12 to 15 months.

Khoros provides customer support and conducts engineering work that might sometimes require limited access to our customers’ data from Khoros office locations in the U.S., Australia,  and India. In addition, Khoros engages subcontractors outside the EU/ EEA that process some limited EU customer data such as log files, and spam email filtering, or that provide technical support to our European customers.  

Khoros requires that its subcontractors comply with security and data privacy standards at least as protective as those that Khoros commits to its customers, and this is reflected in our contracts with our subcontractors.  In relation to EU data privacy regulatory compliance, Khoros complies with the requirements of the EC Standard Contractual Clauses, and requires that its subcontractors that have access to Khoros customers’ data similarly comply. Further, Khoros will enter into the EC Standard Contractual Clauses with any European customer upon request. 

Subprocessor detail chart: 

Vendor

(Processing Location)

Usage / Khoros Applications

Access Type

Transfer or Access 

Security Audit
SSAE 16 SOC 2

Security Certification
ISO 27001

Controls

AWS

(USA/Ireland)

Cloud hosting for Khoros Community and Khoros Care

Logical access to data is  possible

No data is transferred (stays in region)

Yes

Yes

Data is encrypted. Only Khoros has keys.

Sumo Logic

(AWS locations in USA)

Log collection and storage for Khoros Community and Khoros Care

Log files only

Logs are transferred to servers in USA

Yes

Yes

Log data is encrypted.  Sumo has keys.

Akismet

(USA)

Spam detection for Khoros Community 

No access to PII (only content)

Content is transferred to API end point in USA

No

No

Short-term access to content only.

Persistent

(India)

Outsourcing for Khoros Community and Khoros Care

Development services

Access from India

No

Yes

Same as Khoros employees.

ETI Software Solutions (formerly Netmania)

(USA, Bulgaria, UK)

Outsourcing for Khoros Community and Khoros Care

Support, Migration, Upgrades

Access from Bulgaria, Italy, and UK

No

Yes

Same as Khoros employees.

Ooyala*

(USA, Australia, Mexico, Singapore, UK, Spain, France, Germany, Sweden)

Video playback and storage for Khoros Community 

Access to uploaded videos is possible

Storage in the USA

Yes

No

Ooyala has access to videos.

Box *

(USA)

File storage for customers using the File Preview feature  of Khoros Community and/or Khoros Care

Access to file attachments is possible

Storage in the USA

Yes

Yes

Files are stored encrypted. Box has access to keys.

Cloud Elements, Inc.*

(USA, Ireland)

API integration platform (for CRM integration with Khoros Care)

Logical access is possible

No data is transferred (stays in region)

No

No

EC Model Clauses and audit rights

Direct Defense, Inc.

(USA)

Incident Response

Logical access to logfiles and other data is possible

Data is transferred to DirectDefense ShareFile servers in a SOC 2 certified SaaS environment.

Yes

No

Multi-Factor Authentication required for access.  Data is encrypted in transit and at rest. Least privilege access control processes are in place.

Akamai Technologies, Inc.

(Worldwide for location list see Akamai site https://www.akamai.com/us/en/locations.jsp)

Content Delivery Network for Khoros Community

Logical access to data is possible

Data is transferred to the nearest Akamai network POP within the geographical origin area of the end user request 

Yes

ISO 27002

EC Model Clauses and annual review of SOC 2 audit report

Clarotest Consulting Lab S.R.L. 

(Argentina)

Development services and support for the Khoros JX Community

Some access to customer data as part of outage mitigation.

Access from Argentina

No

No. 

ISO 9001 instead.

Comply with Khoros’s security requirements.

Smooch Technologies, Inc.

(USA)

Hosted service that helps extend Khoros’s conversational capabilities

Logical access to data is  possible

Storage in USA

In progress

No

Data is encrypted.

Netbase Solutions, Inc.

(USA)

Ingestion and analysis of customer’s Khoros Data

Logical access to data is  possible

Storage in USA

Yes 

No

EC Model Clauses and audit rights

iTalent Corporation

(USA, India, and UK))

Outsourcing for Khoros Community and Khoros JX Community

Support and trouble-shoot, migration and upgrades, Some access to customer data

Access from USA  UK and India

Yes

Yes

EC Model Clauses and audit rights

Social Edge Consulting, LLC

(USA, Canada, UK, Portugal, and Spain)

Outsourcing for Khoros Community and Khoros JX Community

Support and trouble-shoot, migration and upgrades, Some access to customer data

Access from USA, Canada, UK,  Portugal and Spain 

Yes

Yes

EC Model Clauses and audit rights

Grazitti Interactive*

(India)

Outsourcing for Khoros Community

Support and trouble-shoot, migration and upgrades, Some access to customer data

Access from India

No – SSAE 18 SOC 1 and SOC 2

Yes

EC Model Clauses and audit rights

Salesforce.com, Inc.

(USA)

Hosted service that provides customer support ticketing for Khoros products

Logical access to data is possible

Data storage in USA.

Yes

Yes

EC Model Clauses; also see https://trust.salesforce.com/en/compliance/ 

Fastly

Worldwide (for location list see Fastly site https://www.fastly.com/network-map)

Content Delivery Network for Khoros Marketing

Logical access to data is possible

Data is transferred to the nearest Fastly POP within the geographical origin area of the end user request

Yes

No

https://docs.fastly.com/guides/compliance/

VirtualMind

(Argentina)

Outsourcing for Khoros Marketing

Development services

Access from Argentina

No

No

Same as Khoros Employees

Zendesk

(USA)

Hosted service that provides customer support ticketing for Khoros Marketing products

Some access to customer data possible

Storage in USA

Yes

Yes

Data is encrypted

Pendo

(USA)

Hosted service that provides in-product help, guidance and product announcements.

Some access to customer data possible

Storage in USA

Yes

No

Data is encrypted

Squelch

(USA)

Federated search and indexing; Salesforce (internal), Confluence (internal), Box (internal)

Logical access to data is possible

Storage in USA

No

No

Comply with Khoros’s security requirements.

Hyland

(USA and Ireland)

Video playback and storage for JX Communities


Access to uploaded videos is possible

Storage in USA and Ireland

Yes

Yes

Numerous control options available through Twistage settings and AWS

BI Worldwide*

(f/k/a Bunchball)

(USA with back-ups across multiple availability zones See https://aws.amazon.com/compliance/data-center/controls/)

Gamification functionality for JX Communities

•Authentication/authorization is in place to ensure access only by BI Worldwide using privilege of least access

•AWS KMS with automatic key rotation is enabled.

Access from USA and Ireland

No

No 

BI Worldwide follows AWS hardening best practices

* indicates an optional service 

  • AWS 
    • AWS provides storage and virtual computing resources
    • Backups are stored in AES 256-bit encrypted format
    • AWS personnel do not have access to Khoros encryption keys
    • AWS is ISO 27001 certified and SOC 2 audited
    • AWS has contractually committed to comply with EC Standard Contractual Clauses
    • Processing locations: USA, Ireland
    • Headquarter location: 

1200 12th Avenue South

Suite 1200

Seattle, WA 98144-2734

USA

  • Akismet (formerly known as “Automattic, Inc.”)
    • Akismet is our spam content management service provider 
    • Akismet has contractually committed to comply with EC Standard Contractual Clauses
    • Processing locations: USA
    •  Headquarter location: 

132 Hawthorne Street

San Francisco, CA 94107

USA

 

  • Sumo Logic 
    • Sumo Logic processes only log data
    • Sumo Logic has contractually committed to comply with EC Standard Contractual Clauses
    • Processing locations: USA
    • Headquarter location:

305 Main Street

Redwood City, CA 94063

USA

  • Persistent 
    • Persistent provides software development services
    • Persistent is ISO 27001 certified
    • Persistent has contractually committed to comply with EC Standard Contractual Clauses
    • Processing locations: India
    • Headquarter location:

Bhageerath, 402,
Senapati Bapat Road,
PUNE – 411016

India

  • ETI Software Solutions (formerly Netmania) 
    • ETI provides upgrade and maintenance of sites, L1/L2 support, and, at the customer’s request,  customer migration services
    • ETI is ISO 27001 certified
    • ETI has contractually committed to comply with EC Standard Contractual Clauses
    • Processing locations: USA, Bulgaria, UK
    • Headquarter location:

The Stables

Elmhurst Business Park

Park Lane

Elmhurst, WS13 8EX

United Kingdom

  • Direct Defense, Inc.
    • DirectDefense provides security incident response services.
    • DirectDefense will only be provided access in the event of a security incident
    • DirectDefense has contractually committed to comply with EC Standard Contractual Clauses
    • DirectDefese is SOC 2 audited
    • Processing locations: USA
    • Headquarter locations: 

385 Inverness Pkwy.

Suite 360

Englewood, CO 80112

USA

 

  • Akamai Technologies, Inc.  
    • Akamai provides content delivery network (CDN) services
    • Akamai has contractually committed to comply with EC Standard Contractual Clauses
    • Processing locations: Worldwide (for location list see Akamai site https://www.akamai.com/us/en/locations.jsp)
    • Headquarter location:

8 Cambridge Center

Cambridge MA 02142

USA

 

  • Clarotest Consulting Lab S.R.L.  
    • Clarotest provides software development, consulting and technical support services for the Khoros JX Community (formerly known as Jive-X) 
    • Clarotest has contractually committed to comply with EC Standard Contractual Clauses
    • Processing locations: Argentina
    • Headquarter location:

Franklin Roosevelt 2783, CABA

Buenos Aires, 1425

Argentina 

 

  • Smooch Technologies, Inc. 
    • Smooch provides a hosted service that helps extend Khoros’s conversational capabilities across all messaging channels made available by Smooch
    • Smooch has contractually committed to comply with EC Standard Contractual Clauses
    • Processing locations: USA
    • Headquarter locations:

5333 Casgrain, Suite 1201

Montreal, QC

H2T 1X3

Canada

 

  • Netbase Solutions, Inc. 

 

    • Netbase provides a specialized uploader for customer to transfer Khoros data exports via files into Netbase, and will partition customer data for restricted access by customer users
    • Netbase has contractually committed to comply with EC Standard Contractual Clauses
    • Processing locations: USA
    • Headquarter locations:

3960 Freedom Cir #201

Santa Clara, CA 95054

USA

 

 

  • iTalent Corporation

 

  • iTalent provides Community Managed Services that include software development, L1/L2 Support, and data assessment, mapping, appending, cleanings and migration services. In addition, iTalent provides project management and community management support services

    • iTalent has contractually committed to comply with the EC Standard Contractual Clauses
    • Processing locations: USA, UK and India
    • Headquarter locations:

27 Devine Street

San Jose, CA 95110

USA

 

 

  • Social Edge Consulting, LLC

 

  • Social Edge provides software development services, L1/L2 support, project lifecycle management, and content migration services

    • Social Edge has contractually committed to comply with EC Standard Contractual Clauses
    • Processing locations: USA , Canada, UK, Portugal, Spain
    • Headquarter location:

79 Madison Avenue

New York, NY 10016

USA

 

 

  • Salesforce.com, Inc.

 

  • Salesforce.com provides a cloud-based ticketing system for customer services provided in connection with Khoros products

    • Salesforce has contractually committed to comply with EC Standard Contractual Clauses
    • Processing locations: USA
    • Headquarter location:

The Landmark at One Market, Suite 300

San Francisco, CA 94105

USA

 

 

 

  • Fastly

 

  • Fastly provides content delivery network (CDN) services for Khoros Marketing products

475 Brannan St. #300

San Francisco CA 94107

USA

 

 

  • VirtualMind

 

  • VirtualMind provides software development services for the Khoros Marketing product

    • Processing locations: Argentina
    • Headquarter location:

2134 Rivadavia Avenue, Floor 3, Suite B

Buenos Aires

Argentina

 

 

  • Zendesk

 

  • Zendesk provides a cloud-based ticketing system for customer services provided in connection with Khoros Marketing products

    • Processing locations: USA
    • Headquarter location:

1019 Market Street

San Francisco CA 94103

USA

 

 

  • Pendo
    • Pendo provides in-product help, guidance and product announcements
    • Processing locations: USA
    • Headquarter location:

150 Fayetteville Street

Raleigh NC 27601

USA

 

 

  • Squelch
    • Integrates with apps to index data and provides an optimized search tool for support agents
    • Squelch has contractually committed to becoming SOC2 certified
    • Processing locations: USA
    • Headquarter location:

555 Twin Dolphin Drive, Suite 170

Redwood City CA 94065

USA

 

  • Hyland
    • Performs video processing for JX Communities 
    • Hyland has committed to Privacy Shield certification
    • Processing Locations: USA, Ireland
    • Headquarters location: 

28500 Clemens Road
Westlake, Ohio 44145
+1.440.788.5000video processin1-952-

In addition to the above, Khoros also utilizes the following subprocessors to provide certain optional services (as indicated below) to those Khoros customers who elect to purchase those optional services:  

  • Ooyala, Inc. 
    • Ooyala provides video storage and playback services for those customers who purchase the video option 
    • Processing locations: USA, Australia, Mexico, Singapore, UK, Spain, France, Germany, Sweden
    • Headquarter location:

4750 Patrick Henry Drive

Santa Clara, CA 95054

USA

 

  • Box, Inc.
    • Box provides file preview services for those customers who purchase the file preview option 
    • Processing locations: USA
    • Headquarter location:

1895 El Camino Real

Palo Alto CA 94306

USA

 

 

  • Cloud Elements, Inc.  

    • Cloud Elements  provides API integration platform services for integration with customers’ CRM applications
    • Cloud Elements has contractually committed to comply with EC Standard Contractual Clauses
    • Processing locations: USA, Ireland
    • Headquarter location:

3001 Brighton Blvd.

Suite #642

Denver, CO 80216

USA

 

  • Grazitti Interactive
    • Grazitti provides online community and software development services including data migration, integrations, UX and UI services, Community Management, and L1/L2 post-live Support.
    • Grazitti is ISO 27001 certified and SSAE 18 SOC 1 Type 2, SOC 2 Type 2 compliant
    • Processing locations: India
    • Headquarter location:

Plot 198, Phase 2, Industrial Area

Panchkula, HR

India 134113

 

  • BI Worldwide (f/k/a Bunchball)
    • Provides gamification functionality for JX Communities 
    • Bunchball has contractually committed to comply with EC Standard Contractual Clauses  
    • Processing Locations: USA with back=ups across multiple Availability Zones.  See https://aws.amazon.com/compliance/data-center/controls/
    • Headquarters location:

130 East 3rd Street
Suite 202
Des Moines, IA 50309
1-952-563-2999ms

Khoros also utilizes subcontractors that do not have any access to our customer’s data, and are therefore not listed in this Guide.

 

Version history
Revision #:
10 of 10
Last update:
‎12-11-2019 12:22 PM
Updated by:
 
Contributors