Khoros Atlas Logo

Policies and Guidelines

Policies and Guidelines

Filter
Filter by Labels
Select any of the labels below to filter results.
Filters applied...
Sorted by:
This article captures a complete inventory of personal data points used throughout Khoros products, for EU privacy compliance and other cases.
View full article
by Khoros Staff JohnD Khoros Staff 04-13-2018 11:59 AM
0
2515
Cookies are small data files stored in web browsers to track usage and enable useful services and features on Khoros Communities. This document provides information on the standard cookies set by Khoros Communities and how to reject or delete those cookies should users choose to do so. Understand that restricting cookies can have an adverse impact on the functionality and the online user experience on the Community. We classify the cookies typically found on Khoros communities into the four broad categories described below.   Type Classification Description Example 1 Strictly necessary These cookies are necessary for the proper functioning of the community, such as tracking a user session, or accessing secure areas. Session cookie used to pin a logged-in session to a browser 2 Performance The information these cookies collect is anonymous and is used to collect aggregate data including information about the pages users visit. Cookies delivered by Omniture WebAnalytics and Google Analytics for purposes of aggregate reporting 3 Functional These cookies allow websites to remember preferences and settings, such as your username, language, region, font size, and so on. Cookie used to hold a user’s username as part of a “remember me” feature 4 Tracking, targeting and sharing These cookies remember that you've visited a website, a particular web page, and/or track your activities on the site. This information is sometimes shared with third party advertisers for serving targeted online advertising or other personalized content. Cookies used to track visitor activity on an individual basis can be used by Khoros or its third party business partners to serve personalized content, and/or later aggregated and used to analyze website traffic and trends.  How to control cookies Some cookies are necessary for the proper operation of the Community and disabling or removing them may have an adverse impact on the proper functioning and user experience. However, users may choose to view, block, or remove cookies set by Khoros Community through their web browser settings (or any website cookies for that matter). Consult the help feature for your specific browser to find how. Here are some useful links for your convenience. Microsoft Internet Explorer Privacy Settings and Information Google Chrome Privacy Settings and Information Mozilla Firefox Privacy Settings and Information Apple Safari Privacy Settings and Information Also, you may choose to consult an external and independent third party website such as  AboutCookies.org or www.youronlinechoices.eu/ if you are in the European Union which provides comprehensive information on a variety of browsers and how to control or change their respective privacy settings. Cookies used by Khoros The following standard cookies are used by Community, Social Media Management, and Lithium Social Intelligence (LSI). Disabling or removing these cookies may have an adverse impact on the proper functioning and user experience on the Community. Community cookies Cookie Name Type Description and Purpose Expiration Time/Type If removed, disabled, or not accepted AWSALB 1 AWS sticky session cookie required for load balancer routing. See this document  for further information. Session Sticky session won't work and some functionality will break. _ga 2 Distinguishes users using a unique ID. It is used by Google Analytics to calculate visitor, session, and campaign data. By default, the configuration setting that sets this cookie is disabled. File a Support ticket to request enablement. 2 years (persistent) Visitor and session data will not be tracked and will not be available to Google Analytics !lithiumSSO:{client_id} 1 Used for passing authentication information to Khoros session SSO will not be functional for the user LiSESSIONID 1 Session management session User cannot log in, and is treated as an anonymous user ­­lia.anon.{setting or config name} 3 Stores community-wide configurations and settings for anonymous users 1 year (persistent) Community behavior will follow defaults and any UI convenience changes made by the user will be ignored. liSdkOptions:{communityId} 3 Dropped when a Studio user navigates to Studio > Advanced > SDK and clicks Submit after checking the View as anonymous checkbox.   The cookie allows developers to sign out of the community but still have it find the URL to use for rendering a skin that is hosted via the Community Plugin SDK.   This cookie is used only on stage sites. 1 month or when the View as anonymous checkbox is unselected The community will serve the URL for the skin set on the stage site instead of the URL to the locally hosted skin (so local SASS development will not work when the user is signed out) lithium.anonymous. usersetting.{setting name} 3 Remembers user preferences 1 year (persistent) The community will not remember the user’s setting preferences lithium.anonymous. usersetting.profile. language 3 Remembers language preferences 1 year (persistent) The community will not remember the user’s language preferences. The language will default to the native language defined for the community. lithiumLogin:{community id} 3 Keeps users logged in when they make a request after their session has expired. It is triggered when a user checks Save login name and password. The cookie is encrypted and includes a unique user secure ID in the database. 30 days (persistent) The "auto login" and "remember me" features will not work LithiumNotifications 3 Temporarily stores Realtime Notification messages (Toast messages) session Realtime notification toasts may not appear (pop-up) after a page transition. LithiumUserInfo 1 Session management session The user will not be able to view secure pages and will be redirected to the login page LithiumUserSecure  1 Secure Session  management  session The user will not be able to view secure pages and will be redirected to the login page.   LithiumVisitor 4 Replaces VISITOR_BEACON. Khoros currently uses both for backward compatibility. This cookie computes billing visits, registered billing visits, visits, registered visits, and unique visitors metrics. The cookie is encrypted and stores when it was first issued, when it was last seen by Khoros, an unique visitor ID (which is unique per visitor’s browser). Configurable (Default = 10 years)  Note: To change the default value, contact Khoros Support. Visits and unique visitors metrics will not be accurate. There will be a new billable visit on each new request. Customers on billing visits model will be affected. P{poll_id}U{user_id}R{reset_count} 3 Tracks when a user has voted in a poll and tracks the answer value. The cookie is used to prevent a user from voting multiple times in a single poll. The cookie is only placed if Use cookies to prevent multiple votes is enabled in Community Admin. 1,000000+ days (persistent) If the user is an anonymous user, the user will be able to vote multiple times when the cookie is cleared. If the user is logged in, votes, and then clears the cookie, they are not allowed to revote. PushyAuthToken 1 Authenticates the user for a session with Realtime Notifications service (Pushy) Manually cleared when the user logs out or when their session expires due to inactivity WebSocket connections to the Realtime Notification service will fail with a 403 Forbidden error and the user will not see realtime notifications. VISITOR_BEACON 4 Computes billing visits, registered billing visits, visits, registered visits, and unique visitors metrics. The cookie is encrypted and stores, when it was first issued, when it was last seen by Khoros, the user ID, and its own unique ID. Configurable  (Default = 10 years) Note:  To change the  default value, contact Khoros Support. Visits and unique visitors metrics will not be accurate. There will be a new billable visit on each new request. Customers on billing visits model will be affected. VISITORID 1 Distinguishes between human and bot traffic 3 years (session) Defeats the bot detection mechanism. (May see increased spam on the community.) ValueSurveyParticipation 3 Stores a timestamp storing the creation time of this cookie, which is used in value survey trigger logic.   Default is 90 days. Configurable in Community Admin The user will get multiple prompts to take a survey ValueSurveyVisitorCount 3 Stores the survey visit count of the user, which is used in logic that determines when a survey is triggered. This cookie is used in conjunction with the ValueSurveyParticipation cookie. When the ValueSurveyParticiation is set, the count for ValueSurveyVisitorCount cookie is reset to 0. Expires when the ValueSurveyParticipation cookie is either set or expires The user will not be prompted to take a survey until the count defined in the Delay before prompting user with survey field in Community Admin > Features > Value Surveys > Settings is met. Social Media Management cookies Social Media Management Cookies Cookie Name Type Description and Purpose Expiration Time/Type If removed, disabled, or not accepted X-TOKEN-ID 1 Protects against cross-site scripting Session This is a security token. It is critical for the application to run PLAY_SESSION 1 This is the main session cookie Session This is the main session cookie. It is critical for the application to run __sdx_page 3 Stores the user’s current application tab 14 days When a user reloads the page, the user is redirected to the default tab instead of to the last tab used in the application PLAY_LANG 3 Retrieves the user’s language 14 days This is used only when LSW cannot detect the browser language and a user has no language set Social Media Management Analytics Cookies Cookie Name Type Description and Purpose Expiration Time/Type If removed, disabled, or not accepted XSessionID 1 This is the main session cookie 24 hours This is the main session cookie. It is critical for the application to run JSESSIONID 3 This is an auto-generated JSP cookie Session The application does not rely on this cookie but uses the cookie occasionally to auto-generate UUIDs LSW Publisher Cookies Cookie Name Type Description and Purpose Expiration Time/Type If removed, disabled, or not accepted TOCOMA-CID 1 The user’s main session cookie Expires when the browser session ends The application will not run LSI cookies Cookie Name Type Description and Purpose Expiration Time/Type If removed, disabled, or not accepted SIP|ws 3 Tracks the workspace to redirect to after a session timeout 1 day   All Khoros Community cookies also apply to LSI   Customer and third-party cookies on Khoros communities Khoros customers may set additional cookies on Khoros Community in addition to the standard cookies disclosed above. These cookies are set and controlled by Khoros customers and their affiliates for various purposes such as website usage tracking (very common practice) and targeting for surveys or advertising in some cases. Khoros does not control the dissemination of such cookies. If you need more information on which additional cookies are set on the Community you are visiting, visit the community’s privacy section. You may also wish to review the How to control cookies section to view, remove, or block certain cookies. Note that disabling or removing cookies may have an adverse impact on the proper functioning of the community, and certain features may become disabled or unavailable. Cookies set by third-party and external sites Communities may contain embedded images, videos, and links to external and third-party websites. Khoros customers may also include syndicated content on their communities such as banner ads and similar embedded objects from their affiliates and partners. As a result, when you click on such an object you may be presented with cookies from the owner of that respective website where the content is hosted. Khoros does not control the dissemination of such cookies. Contact the relevant third party website for their privacy policy and cookie information. Note that disabling or removing cookies may have an adverse impact on the proper functioning of the community, and certain features may become disabled or unavailable. Cookies used on JX communities Khoros recently acquired the Jive-x community business and rebranded those communities as JX. JX communities use the following cookies: Cookie Name Description and Purpose  Possible Values Type Expiration Time/Type anonymous Used only by the Gamification module. Tracks if the user is authenticated or not. true or false 3 one year BIGipServer   Cookies prefixed with BIGipServer help to efficiently route internal traffic, and contain encoded addresses of internal Jive servers. These addresses are strictly internal, and cannot be used to connect to internal servers from the Internet. Altering the values of the cookie will not have any effect. For more information about these cookies, see the article  Overview of BIG-IP persistence cookie encoding  on the F5 Support site.   2   clickedFolder This cookie is used in the Admin Console to persist the open/closed status of the current folder as used in various tree-view portions of the Admin Console. string, true, or false. 1 at session end containerSecurityToken Used for RPC and Proxy Calls (Shindig Token) in loading app data in iFrames String, alphanumeric  1  configurable, defaults to 1 hour highlightedTreeviewLink This cookie is used in the Admin Console to persist the current folder as used in various tree-view portions of the Admin Console. integer, the DOM ID of the clicked folder. 1 at session end jive-cookie This cookie is used in the Admin Console to temporarily persist an encrypted username/password when creating a bridge between two sites. The information in the cookie is first encrypted with AES/256 encryption and then Base64 encoded. string, Base64 encoded, encrypted username/password of remote site. 1 at session end jive_default_editor_mode This cookie is used on the front-end for guest/anonymous users who choose to use an editor mode other than the default editor mode. string, advanced 3 30 days jiveLocale This cookie is used on the front-end for guest/anonymous users who choose a locale setting. string, locale code 3 30 days jive.login.ts Stores the time stamp of the user's last login. epoch time in ms 1 at session end jive.login.type Stores the type of login that was performed, either true native JX login or via SSO String, either "form" or "saml" 1 30 days jive.mobile.redirect This cookie retains the user's selection for opening content in the Jive Mobile Web app or the Jive Native App when using a mobile device. Currently supported for iOS devices only. WEB, NATIVE 3 one month jiveRegularLoginUserCookie This cookie is used to auto-redirect the login screen to the built-in authentication page (if the value exists and is set). true 1 one month jive.saml.passive.tried This cookie is used to mark when SAML passive authentication has already been attempted. true 1 3600 seconds (one hour) jive.security.context This cookie is the authentication context for the user. the user's encrypted security contex 1 30 minutes unless refreshed. Same as the standard servlet container session timeout jive.server.info This cookie is used on the front-end in combination with Content Distribution Networks (CDN) like Akamai to associate the user with a specific server (also known as "session affinity"). string, a combination of the serverName, serverPort, contextPath, localName, localPort, and localAddr 1 at session end jiveSSOLoginUserCookie This cookie is used to auto-redirect the SSO screen to the built-in authentication page (if the value exists and is set). true 1 one month jiveTimeZoneID This cookie is used on the front-end for guest/anonymous users who choose a timezone setting. string, timezone ID 3 30 days jive.senttoidp Used to indicate whether a user has logged in with an SSO authority, used in conjunction with the "require explicit first time login" feature string, true 3 30 days jive.user.loggedin This cookie is used on the front-end in combination with Content Distribution Networks (CDN) to denote the status of the current request. string, true if the current request originates from a browser where the user is logged in 1 at session end jive_wysiwygtext_height This cookie is used on the front-end to persist the height of the editor window across sessions integer, the height in pixels of the editor after the user chooses to expand the editor window 3 one year JSESSIONID This cookie is used on the front-end and the Admin Console to identify a session. It is part of the  Java Servlet specification . string, the unique token generated by Apache Tomcat 1 at session end linkedin_oauth_ This cookie is used to communicate and authenticate with LinkedIn.   1   place_info This cookie is used to temporarily store the tile configuration information when a user is configuring a tile that integrates with a third-party system, such as Salesforce. After the user clicks  Save  in the place template editing interface, the cookie is destroyed. string, encoded representation of the place type and place id 1 after place template changes are saved skin.palette.preview This cookie is used to preview the site with an unpublished template. ID (long value) of the template 1 long lived. 30 days SPRING_SECURITY_REMEMBER_ME_COOKIE This cookie is used on the front-end as part of the security authentication process to denote whether or not the user wants to have their credentials persist across sessions. It is part of the Spring Security specification; details are available  here . string, the Base64 encoded username and expiration time combined with an MD5 hex hash of the username, password, expiration time, and private key. 1 defaults to 14 days X-JCAPI-TOKEN Legacy csrf token, only in use in the mobile apps, set only to provide backwards compatibility String, random with 8-character length 1 1 year   Contact Khoros For Privacy related requests email privacy [at] khoros [dot] com. Use a secure communication method such as PGP or SMIME for sharing sensitive information. Find Khoros's Privacy Policy at http://www.lithium.com/privacy. For Security related requests email security [at] khoros [dot] com. Use a secure communication method such as PGP or SMIME for sharing sensitive information. Read about our Security Testing and Reporting Policy at https://www.lithium.com/security. For sales related and general inquiries, contact your designated Account Manager or visit our website at http://www.lithium.com
View full article
by Retired Community Manager JennC Retired Community Manager 07-20-2016 01:57 PM
Labels (3)
10
30345
  Lithium processes and stores its U.S., Canadian, and Asia/Pacific customers’ data primarily in the United States, and its European/ Middle Easter customers’ data primarily in the EU/ EEA, with some exceptions noted below.  Customer Region Lithium Application Primary Storage Back Up Storage US/ Canada/Asia/Pacific Lithium Community US (Equinix in transition moving to AWS in 2018) US (AWS) US/ Canada/Asia/Pacific Lithium Social Media Management (Reach and Response/ LSW) US (AWS) US (AWS) US/ Canada/Asia/Pacific Spredfast-legacy products US (AWS) US (AWS) US Lithium JX Community, formerly known as Jive-X US (Jive) US (Jive) EU/ EEA/ Middle East Lithium Community The Netherlands (Equinix in transition moving to Ireland, AWS in 2018) Ireland (AWS) EU/ EEA/ Middle East Lithium Social Media Management (Reach and Response/ LSW) Ireland (AWS) Ireland (AWS) EU/ EEA/ Middle East Spredfast-legacy products US (AWS) US (AWS) EU Lithium JX Community, formerly known as Jive-X The Netherlands (Jive) England (Jive) Effective October 2, 2018, Lithium and Spredfast closed their merger transaction, and new listings related to Spredfast-legacy products have been added as appropriate. Effective October 3, 2017, Lithium acquired the Jive-x external community platform from Jive Software, an Aurea company. As a result, Lithium entered into a transition services agreement with Jive that will allow Jive, functioning as a subprocessor, to continue to provide Jive-x services for 12 to 15 months. Lithium provides customer support and conducts engineering work that might sometimes require limited access to our customers’ data from Lithium office locations in the U.S. and India.    In addition, Lithium engages subcontractors outside the EU/ EEA that process some limited EU customer data such as log files, and spam email filtering, or that provide technical support to our European customers.  Lithium requires that its subcontractors comply with security and data privacy standards at least as protective as those that Lithium commits to its customers, and this is reflected in our contracts with our subcontractors.  In relation to EU data privacy regulatory compliance, Lithium complies with the requirements of the EC Standard Contractual Clauses, and requires that its subcontractors that have access to Lithium customers’ data similarly comply. Further, Lithium will enter into the EC Standard Contractual Clauses with any European customer upon request.   AWS AWS provides storage and virtual computing resources Backups are stored in AES 256-bit encrypted format AWS personnel do not have access to Lithium encryption keys AWS is ISO 27001 certified and SOC 2 audited AWS has contractually committed to comply with EC Standard Contractual Clauses Processing locations: USA, Ireland Headquarter location: 1200 12th Avenue South Suite 1200 Seattle, WA, 98144-2734 USA Akismet (formerly known as “Automattic, Inc.”) Akismet is our spam content management service provider Akismet has contractually committed to comply with EC Standard Contractual Clauses Processing locations: USA Headquarter location: 132 Hawthorne Street San Francisco, CA 94107 USA Sumo Logic Sumo Logic processes only log data Sumo Logic has contractually committed to comply with EC Standard Contractual Clauses Processing locations: USA Headquarter location: 305 Main Street Redwood City, CA 94063 USA Persistent Persistent provides software development services Persistent is ISO 27001 certified Persistent has contractually committed to comply with EC Standard Contractual Clauses Processing locations: India Headquarter location: Bhageerath, 402 Senapati Bapat Road PUNE – 411016 India ETI Software Solutions (formerly Netmania) ETI provides upgrade and maintenance of sites, L1/L2 support, and, at the customer’s request, customer migration services ETI is ISO 27001 certified ETI has contractually committed to comply with EC Standard Contractual Clauses Processing locations: USA, Bulgaria, UK Headquarter location: The Stables Elmhurst Business Park Park Lane Elmhurst, WS13 8EX United Kingdom Infogain Corporation (formerly Blue Star Infotech America, Inc.) Infogain provides software development services, and L1/L2 support Infogain has contractually committed to comply with EC Standard Contractual Clauses Processing locations: USA, India Headquarter location: 485 Alberto Way Suite 100 Los Gatos, CA 95032 USA Direct Defense, Inc. DirectDefense provides security incident response services. DirectDefense will only be provided access in the event of a security incident DirectDefense has contractually committed to comply with EC Standard Contractual Clauses DirectDefese is SOC 2 audited Processing locations: USA Headquarter locations: 385 Inverness Pkwy. Suite 360 Englewood, CO 80112 USA Akamai Technologies, Inc. Akamai provides content delivery network (CDN) services Akamai has contractually committed to comply with EC Standard Contractual Clauses Processing locations: Worldwide (for location list see Akamai site https://www.akamai.com/us/en/locations.jsp ) Headquarter location: 8 Cambridge Center Cambridge MA 02142 USA Clarotest Consulting Lab S.R.L. Clarotest provides software development, consulting and technical support services for the Lithium JX Community (formerly known as Jive-X) Clarotest has contractually committed to comply with EC Standard Contractual Clauses Processing locations: Argentina Headquarter location: Franklin Roosevelt 2783, CABA Buenos Aires, 1425 Argentina Smooch Technologies, Inc. Smooch provides a hosted service that helps extend Lithium’s conversational capabilities across all messaging channels made available by Smooch Smooch has contractually committed to comply with EC Standard Contractual Clauses Processing locations: USA Headquarter locations: 5333 Casgrain, Suite 1201 Montreal, QC H2T 1X3 Canada Netbase Solutions, Inc.   Netbase provides a specialized uploader for customer to transfer Lithium data exports via files into Netbase, and will partition customer data for restricted access by customer users Netbase has contractually committed to comply with EC Standard Contractual Clauses Processing locations: USA Headquarter locations: 3960 Freedom Cir #201 Santa Clara, CA 95054 USA Salesforce.com, Inc Salesforce.com provides a cloud-based ticketing system for customer services provided in connection with Lithium products Salesforce has contractually committed to comply with EC Standard Contractual Clauses Processing locations: USA Headquarter location: The Landmark at One Market, Suite 300 San Francisco, CA 94105 USA Fastly Fastly provides a content delivery network (CDN) services for Spredfast products Processing locations: Worldwide (for location list see Fastly site https://www.fastly.com/network-map) Headquarter location: 475 Brannan St. #300 San Francisco CA 94107 USA VirtualMind VirtualMind provides software development services for the Spredfast Conversations product Processing locations: Argentina Headquarter location: 2134 Rivadavia Avenue, Floor 3, Suite B Buenos Aires Argentina SoftServe SoftServe provides software development services for the Spredfast Conversations product Processing locations: Ukraine Headquarter location: 2D Sadova Street Lviv, Ukraine 79021 GoodData GoodData provides analytics for the Spredfast Conversations product Processing locations: USA Headquarter location: 660 3rd Street San Francisco CA 94107 USA Zendesk Zendesk provides a cloud-based ticketing system for customer services provided in connection with Spredfast products Processing locations: USA Headquarter location: 1019 Market Street San Francisco CA 94103 USA Pendo Pendo provides in-product help, guidance and product announcements Processing locations: USA Headquarter location: 150 Fayetteville Street Raleigh NC 27601 USA   Squelch Integrates with apps to index data and provides an optimized search tool for support agents Squelch has contractually committed to becoming SOC2 certified Processing locations: USA Headquarter location: 555 Twin Dolphin Drive, Suite 170 Redwood City CA 94065 USA SendGrid Provides email products Processing locations: USA Headquarter location: 375 Beale St, Suite 300 San Francisco CA 94105 USA   In addition to the above, Lithium also utilizes the following subprocessors to provide certain optional services (as indicated below) to those Lithium customers who elect to purchase those optional services:     Ooyala, Inc. Ooyala provides video storage and playback services for those customers who purchase the video option Processing locations: USA, Australia, Mexico, Singapore, UK, Spain, France, Germany, Sweden Headquarter location: 4750 Patrick Henry Drive Santa Clara, CA 95054 USA   Box, Inc. Box provides file preview services for those customers who purchase the file preview option Processing locations: USA Headquarter location: 1895 El Camino Real Palo Alto CA 94306 USA   Cloud Elements, Inc. Cloud Elements provides API integration platform services for integration with customers’ CRM applications Cloud Elements has contractually committed to comply with EC Standard Contractual Clauses Processing locations: USA, Ireland Headquarter location: 3001 Brighton Blvd. Suite #642 Denver, CO 80216 USA     ServiceRocket, Inc. ServiceRocket provides a hosted portal for accessing Lithium training and education materials ServiceRocket is SSAE 16 SOC2 Type 2 certified ServiceRocket is Privacy Shield certified Processing locations: USA Headquarter location: 2741 Middlefield Rd. Suite 200 Palo Alto, CA 94306 USA   Grazitti Interactive Grazitti provides online community and software development services including data migration, integrations, UX and UI services, Community Management, and L1/L2 post-live Support. Grazitti is ISO 27001 certified and SSAE 18 SOC 1 Type 2, SOC 2 Type 2 compliant Processing locations: India Headquarter location: Plot 198, Phase 2, Industrial Area Panchkula, HR India 134113             Lithium also utilizes subcontractors that do not have any access to our customer’s data, and are therefore not listed in this Guide.   Subprocessor detail chart: Vendor Usage / Lithium Applications Access Type Transfer or Access Security Audit SSAE 16 SOC 2 Security Certification ISO 27001 Controls AWS Cloud hosting for Lithium Community and SMM Logical access to data is  possible No data is transferred (stays in region) Yes Yes Data is encrypted. Only Lithium has keys. Sumo Logic Log collection and storage for Lithium Community and SMM Log files only Logs are transferred to servers in USA Yes Yes Log data is encrypted.  Sumo has keys. Akismet Spam detection for Lithium Community No access to PII (only content) Content is transferred to API end point in USA No No Short-term access to content only. Persistent Outsourcing for Lithium Community and SMM Development services Access from India No Yes Same as Lithium employees. ETI Software Solutions (formerly Netmania) Outsourcing for Lithium Community and SMM Support, Migration, Upgrades Access from Bulgaria, Italy, and UK No Yes Same as Lithium employees. Ooyala Video playback and storage for Lithium Community Access to uploaded videos is possible Storage in the USA Yes No Ooyala has access to videos. Box File storage for customers using the File Preview feature  of Lithium Community and/or SMM Access to file attachments is possible Storage in the USA Yes Yes Files are stored encrypted. Box has access to keys. Infogain Corporation Outsourcing for Lithium Community and SMM Support and troubleshoot Access from USA and India Yes Yes Same as Lithium employees. Cloud Elements, Inc. API integration platform (for CRM integration with Lithium SMM) Logical access is possible No data is transferred (stays in region) No No EC Model Clauses and audit rights Direct Defense, Inc. Incident Response Logical access to logfiles and other data is possible Data is transferred to DirectDefense ShareFile servers in a SOC 2 certified SaaS environment. Yes No Multi-Factor Authentication required for access.  Data is encrypted in transit and at rest. Least privilege access control processes are in place. Akamai Technologies, Inc. Content Delivery Network for Lithium Community Logical access to data is possible Data is transferred to the nearest Akamai network POP within the geographical origin area of the end user request Yes ISO 27002 EC Model Clauses and annual review of SOC 2 audit report ServiceRocket, Inc. Cloud hosting for Lithium training and education materials for Lithium Community and SMM Logical access to data is  possible Transfer to US hosting facilities Yes No Data is encrypted. Only Lithium has keys. Clarotest Consulting Lab S.R.L. Development services and support for the Lithium JX Community Some access to customer data as part of outage mitigation. Access from Argentina No No. ISO 9001 instead. Comply with Lithium’s security requirements. Smooch Technologies, Inc. Hosted service that helps extend Lithium's conversational capabilities Logical access to data is  possible Storage in USA In progress No Data is encrypted. Netbase Solutions, Inc. Ingestion and analysis of customer’s Lithium Data Logical access to data is  possible Storage in USA Yes No EC Model Clauses and audit rights Grazitti Interactive Outsourcing for Lithium Community Support and trouble-shoot, migration and upgrades, Some access to customer data Access from India No – SSAE 18 SOC 1 and SOC 2 Yes EC Model Clauses and audit rights Salesforce.com, Inc. Hosted service that provides customer support ticketing for Lithium products Logical access to data is possible Data storage in USA. Yes Yes EC Model Clauses; also see https://trust.salesforce.com/en/compliance/ Fastly Content Delivery Network for Spredfast Logical access to data is possible Data is transferred to the nearest Fastly POP within the geographical origin area of the end user request Yes No https://docs.fastly.com/guides/compliance/ VirtualMind Outsourcing for Spredfast products Development services Access from Argentina No No Same as Lithium Employees SoftServe Outsourcing for Spredfast products Development services Access from Ukraine No Yes Same as Lithium Employees GoodData Hosted service that provides customer facing analytics for Spredfast products Logical access to data is possible Storage in USA Yes Yes Data is encrypted Zendesk Hosted service that provides customer support ticketing for Spredfast products Some access to customer data possible Storage in USA Yes Yes Data is encrypted Pendo Hosted service that provides in-product help, guidance and product announcements. Some access to customer data possible Storage in USA Yes No Data is encrypted Squelch Federated search and indexing; Salesforce (internal), Confluence (internal), Box (internal) Logical access to data is possible Storage in USA No No Comply with Lithium’s security requirements. SendGrid Provides email products Some access to customer data possible Storage in USA, UK, India, and Japan Yes No Comply with Lithium’s security requirements.  
View full article
by Community Administrator Community Administrator Community Administrator 08-16-2018 11:56 PM
0
2926
The following companies are subprocessors to Lithium, Inc.: AWS (locations in the USA and Ireland) Sumo Logic (AWS locations in the USA) Akismet (location in the USA) Persistent (location in India) ETI Software Solutions (formerly Netmania) (locations in USA, Bulgaria, and UK) Infogain Corporation (formerly Blue Star Infotech America, Inc.) (locations in the US and India) Akamai Technologies, Inc. (locations are global; for listing see Akamai site at https://www.akamai.com/us/en/locations.jsp) ServiceRocket, Inc. (locations in the USA) Clarotest Consulting Lab (location in Argentina) Smooch Technologies, Inc. (AWS locations in the USA and EU) Netbase Solutions, Inc. (locations in the USA) Grazitti Interactive (locations in India) Direct Defense, Inc. (locations in the USA) Salesforce.com, Inc. (location in the USA) Fastly (Spredfast products)(locations are global; for listing see Fastly site at https://www.fastly.com/network-map) VirtualMind (Spredfast products)(location in Argentina) SoftServe (Spredfast products)(location in Ukraine) GoodData (Spredfast products)(location in the USA) Zendesk (Spredfast products)(location in the USA) Pendo (Spredfast products)(location in the USA) Squelch (location in the USA) SendGrid (location in the USA)   Lithium also utilizes the following subprocessors to provide certain optional services to those Lithium customers to elect to purchase those optional services: Ooyala, Inc. (locations in USA, Australia, Mexico, Singapore, UK, Spain, France, Germany, Sweden) (video storage and playback option) Box, Inc. (locations in USA) (file preview option) Cloud Elements, Inc. (locations in the US and Ireland) (API integration with customer’s CRM application)   Effective October 2, 2018, Lithium and Spredfast closed their merger transaction, and new listings related to Spredfast-legacy products have been added above. Effective October 3, 2017, Lithium acquired the Jive-x external community platform from Jive Software, an Aurea company. As a result Lithium entered into a transition services agreement with Jive that will allow Jive, functioning as a subprocessor, to continue to provide Jive-x services for 12 to 15 months.    Lithium also utilizes subcontractors that do not have any access to our customer’s data, such as, for example, Equinix and Wave Business which maintain data center facilities hosting Lithium’s main US-based data centers.   If you have any questions, please contact your Lithium Customer Success Representative. For more information about our subprocessors please see the Lithium Data Location and Subprocessor Guide by visiting https://community.khoros.com/t5/Policies-and-Guidelines/Lithium-Data-Location-and-Subprocessor-Guide/ta-p/490163.   What’s changed since our last version: Added Squelch and SendGrid Removed iTalent and Social Edge
View full article
by Khoros Staff LithiumPrivacy Khoros Staff 10-21-2015 03:58 PM
Labels (1)
0
8244
Lithium's steps to ensure GDPR Compliance
View full article
by Lithium Alumni (Retired) Lithium Alumni (Retired) Lithium Alumni (Retired) 04-27-2017 10:05 AM
12
16036
For Lithium Communities Data Retention Customer data is retained for the duration of the customer’s contract with Lithium, unless otherwise instructed by the customer. When the contract ends, Lithium Support contacts the customer to offer data return. Then, after the data has been returned or declined by the customer, the data is deleted. Deletion occurs within thirty days with the following exceptions: Data on back up systems or media is maintained for 90 days in order to maintain sound business continuity practices and then deleted Log files are maintained for up to twelve months for security reasons and then deleted Klout data: Lithium has discontinued the Klout service, website and brand, and deleted personal data used for that purpose. Lithium will continue to receive publicly available data from Twitter, consistent with Twitter’s privacy policy, and will continue to delete Twitter users’ personal data at Twitter’s instruction. Public data we receive from Twitter is retained for 90 days and then deleted. Data you post to Twitter is controlled by Twitter, so if you do not want your personal data made available via Twitter, you would need to opt out of Twitter, or change your privacy settings on Twitter.   . During and after the life of the contract, Lithium can use aggregated and anonymized data for metrics and reporting purpose. This data does not include any personal information nor any information about the customer or the end user. Data Backup and Restoration Information on backup tapes is encrypted using AES 256-bit information and tapes are over written every ninety (90) days. Access to the backup tapes is restricted to authorized individuals. Offsite tapes are kept in a secure facility. Backups are made daily and full backups weekly. We conduct backup restoration testing every six (6) months, in January and July. Data Destruction When the contract ends, if the customer wants a copy of the data, we provide the information to the customer in an XML format via our secure SFTP servers. The information on the SFTP servers remain intact for 30 days after which time it is deleted, unless otherwise instructed by the customer. The active data bases are also dropped from the production servers as well after the XML extraction is transferred to the customer. After the media used for storage is retired, it is scrubbed or destroyed using NIST SP 800-88 guidelines. For Social Media Management SMM does not provide a full data backup of the customer data. Instead, SMM customers  must run their own SMM reports to extract data as they need on a rolling basis. Learn more about exporting raw data from Social Response.
View full article
by Community Manager Community Manager Community Manager 04-11-2018 01:49 PM
Labels (1)
0
2029