cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Policies and Guidelines

Policies and Guidelines

Filter
Filter by Labels
Select any of the labels below to filter results.
Filters applied...
general data protection regulation
Sorted by:
Khoros processes and stores its U.S., Canadian, and Asia/Pacific customers’ data primarily in the United States, and its European/ Middle Easter customers’ data primarily in the EU/ EEA, with some exceptions noted below.   Customer Region Khoros Application Primary Storage Back Up Storage US/ Canada/Asia/Pacific Khoros Community US (Equinix in transition moving to AWS in 2018) US (AWS) US/ Canada/Asia/Pacific Khoros Care US (AWS) US (AWS) US/ Canada/Asia/Pacific Khoros Marketing US (AWS) US (AWS) US Khoros JX Community, formerly known as Jive-X US (Jive) US (Jive) EU/ EEA/ Middle East Khoros Community The Netherlands (Equinix in transition moving to Ireland, AWS in 2018) Ireland (AWS) EU/ EEA/ Middle East Khoros Care Ireland (AWS) Ireland (AWS) EU/ EEA/ Middle East Khoros Marketing US (AWS) US (AWS) EU Khoros JX Community, formerly known as Jive-X The Netherlands (Jive) England (Jive)   Effective October 2, 2018, Lithium and Spredfast closed their merger transaction and the merged company is now rebranded to Khoros.  New listings related to Spredfast-legacy products have been added as Khoros Marketing products, as appropriate. Effective October 3, 2017, Lithium acquired the Jive-x external community platform from Jive Software, an Aurea company. As a result Lithium entered into a transition services agreement with Jive that will allow Jive, functioning as a subprocessor, to continue to provide Jive-x services for 12 to 15 months. Khoros provides customer support and conducts engineering work that might sometimes require limited access to our customers’ data from Khoros office locations in the U.S., Australia,  and India. In addition, Khoros engages subcontractors outside the EU/ EEA that process some limited EU customer data such as log files, and spam email filtering, or that provide technical support to our European customers.   Khoros requires that its subcontractors comply with security and data privacy standards at least as protective as those that Khoros commits to its customers, and this is reflected in our contracts with our subcontractors.  In relation to EU data privacy regulatory compliance, Khoros complies with the requirements of the EC Standard Contractual Clauses, and requires that its subcontractors that have access to Khoros customers’ data similarly comply. Further, Khoros will enter into the EC Standard Contractual Clauses with any European customer upon request.  Subprocessor detail chart:  Vendor (Processing Location) Usage / Khoros Applications Access Type Transfer or Access  Security Audit SSAE 16 SOC 2 Security Certification ISO 27001 Controls AWS (USA/Ireland) Cloud hosting for Khoros Community, Khoros Care, and Khoros Marketing Logical access to data is  possible No data is transferred (stays in region) Yes Yes Data is encrypted. Only Khoros has keys. Sumo Logic (AWS locations in USA) Log collection and storage for Khoros Community and Khoros Care Log files only Logs are transferred to servers in USA Yes Yes Log data is encrypted.  Sumo has keys. Akismet (USA) Spam detection for Khoros Community  No access to PII (only content) Content is transferred to API end point in USA No No Short-term access to content only. Persistent (India) Outsourcing for Khoros Community and Khoros Care Development services Access from India No Yes Same as Khoros employees. ETI Software Solutions (formerly Netmania ) (USA, Bulgaria, UK) Outsourcing for Khoros Community and Khoros Care Support, Migration, Upgrades Access from Bulgaria, Italy, and UK No Yes Same as Khoros employees. Ooyala * ( USA, Australia, Mexico, Singapore, UK, Spain, France, Germany, Sweden) Video playback and storage for Khoros Community  Access to uploaded videos is possible Storage in the USA Yes No Ooyala has access to videos. Box * (USA) File storage for customers using the File Preview feature  of Khoros Community and/or Khoros Care Access to file attachments is possible Storage in the USA Yes Yes Files are stored encrypted. Box has access to keys. Cloud Elements, Inc.* (USA, Ireland) API integration platform (for CRM integration with Khoros Care) Logical access is possible No data is transferred (stays in region) No No EC Model Clauses and audit rights Direct Defense, Inc. (USA) Incident Response Logical access to logfiles and other data is possible Data is transferred to DirectDefense ShareFile servers in a SOC 2 certified SaaS environment. Yes No Multi-Factor Authentication required for access.  Data is encrypted in transit and at rest. Least privilege access control processes are in place. Akamai Technologies, Inc. (Worldwide for location list see Akamai site  https://www.akamai.com/us/en/locations.jsp ) Content Delivery Network for Khoros Community Logical access to data is possible Data is transferred to the nearest Akamai network POP within the geographical origin area of the end user request  Yes ISO 27002 EC Model Clauses and annual review of SOC 2 audit report Clarotest Consulting Lab S.R.L.  (Argentina) Development services and support for the Khoros JX Community Some access to customer data as part of outage mitigation. Access from Argentina No No.  ISO 9001 instead. Comply with Khoros’s security requirements. Smooch Technologies, Inc. (USA) Hosted service that helps extend Khoros’s conversational capabilities Logical access to data is  possible Storage in USA In progress No Data is encrypted. Netbase Solutions, Inc. (USA) Ingestion and analysis of customer’s Khoros Data Logical access to data is  possible Storage in USA Yes  No EC Model Clauses and audit rights iTalent Corporation (USA, India, and UK)) Outsourcing for Khoros Community and Khoros JX Community Support and trouble-shoot, migration and upgrades, Some access to customer data Access from USA  UK and India Yes Yes EC Model Clauses and audit rights Social Edge Consulting, LLC (USA, Canada, UK, Portugal, and Spain) Outsourcing for Khoros Community and Khoros JX Community Support and trouble-shoot, migration and upgrades, Some access to customer data Access from USA, Canada, UK,  Portugal and Spain  Yes Yes EC Model Clauses and audit rights Grazitti Interactive* (India) Outsourcing for Khoros Community Support and trouble-shoot, migration and upgrades, Some access to customer data Access from India No – SSAE 18 SOC 1 and SOC 2 Yes EC Model Clauses and audit rights Salesforce.com, Inc. (USA) Hosted service that provides customer support ticketing for Khoros products Logical access to data is possible Data storage in USA. Yes Yes EC Model Clauses; also see https://trust.salesforce.com/en/compliance/   Fastly Worldwide (for location list see Fastly site  https://www.fastly.com/network-map ) Content Delivery Network for Khoros Marketing Logical access to data is possible Data is transferred to the nearest Fastly POP within the geographical origin area of the end user request Yes No https://docs.fastly.com/guides/compliance/ VirtualMind (Argentina) Outsourcing for Khoros Marketing Development services Access from Argentina No No Same as Khoros Employees Zendesk (USA) Hosted service that provides customer support ticketing for Khoros Marketing products Some access to customer data possible Storage in USA Yes Yes Data is encrypted Pendo (USA) Hosted service that provides in-product help, guidance and product announcements. Some access to customer data possible Storage in USA Yes No Data is encrypted Squelch (USA) Federated search and indexing; Salesforce (internal), Confluence (internal), Box (internal) Logical access to data is possible Storage in USA No No Comply with Khoros’s security requirements. Hyland (USA and Ireland) Video playback and storage for JX Communities Access to uploaded videos is possible Storage in USA and Ireland Yes Yes Numerous control options available through Twistage settings and AWS BI Worldwide* (f/k/a Bunchball) (USA with back-ups across multiple availability zones See https://aws.amazon.com/compliance/data-center/controls/) Gamification functionality for JX Communities •Authentication/authorization is in place to ensure access only by BI Worldwide using privilege of least access •AWS KMS with automatic key rotation is enabled. Access from USA and Ireland No No  BI Worldwide follows AWS hardening best practices Gong.io * (USA and Israel) SaaS conversation intelligence platform used for sales coaching and sales enablement purposes. All products as optional service   Data hosted in USA and access in Israel d/ Yes Yes SOC 2 audit report contains security controls in place.    Segment (USA) Customer data infrastructure for Khoros Marketing Access via web application login Primary processing is in US-West-2 and primary s3 buckets are in US East-1.   No data is transferred outside of region. In process of  becoming SOC 2 type 1 and type 2 certified   Yes Data is encrypted in transit and at rest * indicates an optional service  AWS   AWS provides storage and virtual computing resources Backups are stored in AES 256-bit encrypted format AWS personnel do not have access to Khoros encryption keys AWS is ISO 27001 certified and SOC 2 audited AWS has contractually committed to comply with EC Standard Contractual Clauses Processing locations: USA, Ireland Headquarter location:  1200 12th Avenue South Suite 1200 Seattle, WA 98144-2734 USA Akismet (formerly known as “Automattic, Inc.”) Akismet is our spam content management service provider  Akismet has contractually committed to comply with EC Standard Contractual Clauses Processing locations: USA  Headquarter location:  132 Hawthorne Street San Francisco, CA 94107 USA   Sumo Logic   Sumo Logic processes only log data Sumo Logic has contractually committed to comply with EC Standard Contractual Clauses Processing locations: USA Headquarter location: 305 Main Street Redwood City, CA 94063 USA Persistent   Persistent provides software development services Persistent is ISO 27001 certified Persistent has contractually committed to comply with EC Standard Contractual Clauses Processing locations: India Headquarter location: Bhageerath, 402, Senapati Bapat Road, PUNE – 411016 India ETI Software Solutions (formerly Netmania)   ETI provides upgrade and maintenance of sites, L1/L2 support, and, at the customer’s request,  customer migration services ETI is ISO 27001 certified ETI has contractually committed to comply with EC Standard Contractual Clauses Processing locations: USA, Bulgaria, UK Headquarter location: The Stables Elmhurst Business Park Park Lane Elmhurst, WS13 8EX United Kingdom Direct Defense, Inc. DirectDefense provides security incident response services. DirectDefense will only be provided access in the event of a security incident DirectDefense has contractually committed to comply with EC Standard Contractual Clauses DirectDefese is SOC 2 audited Processing locations: USA Headquarter locations:   385 Inverness Pkwy. Suite 360 Englewood, CO 80112 USA   Akamai Technologies, Inc.   Akamai provides content delivery network (CDN) services Akamai has contractually committed to comply with EC Standard Contractual Clauses Processing locations: Worldwide (for location list see Akamai site https://www.akamai.com/us/en/locations.jsp ) Headquarter location: 8 Cambridge Center Cambridge MA 02142 USA   Clarotest Consulting Lab S.R.L.   Clarotest provides software development, consulting and technical support services for the Khoros JX Community (formerly known as Jive-X)  Clarotest has contractually committed to comply with EC Standard Contractual Clauses Processing locations: Argentina Headquarter location: Franklin Roosevelt 2783, CABA Buenos Aires, 1425 Argentina    Smooch Technologies, Inc.   Smooch provides a hosted service that helps extend Khoros’s conversational capabilities across all messaging channels made available by Smooch Smooch has contractually committed to comply with EC Standard Contractual Clauses Processing locations: USA Headquarter locations: 5333 Casgrain, Suite 1201 Montreal, QC H2T 1X3 Canada   Netbase Solutions, Inc.    Netbase provides a specialized uploader for customer to transfer Khoros data exports via files into Netbase, and will partition customer data for restricted access by customer users Netbase has contractually committed to comply with EC Standard Contractual Clauses Processing locations: USA Headquarter locations: 3960 Freedom Cir #201 Santa Clara, CA 95054 USA     iTalent Corporation   iTalent provides Community Managed Services that include software development, L1/L2 Support, and data assessment, mapping, appending, cleanings and migration services. In addition, iTalent provides project management and community management support services iTalent has contractually committed to comply with the EC Standard Contractual Clauses Processing locations: USA, UK and India Headquarter locations: 27 Devine Street San Jose, CA 95110 USA     Social Edge Consulting, LLC   Social Edge provides software development services, L1/L2 support, project lifecycle management, and content migration services Social Edge has contractually committed to comply with EC Standard Contractual Clauses Processing locations: USA , Canada, UK, Portugal, Spain Headquarter location: 79 Madison Avenue New York, NY 10016 USA     Salesforce.com, Inc.   Salesforce.com provides a cloud-based ticketing system for customer services provided in connection with Khoros products Salesforce has contractually committed to comply with EC Standard Contractual Clauses Processing locations: USA Headquarter location: The Landmark at One Market, Suite 300 San Francisco, CA 94105 USA       Fastly   Fastly provides content delivery network (CDN) services for Khoros Marketing products Processing locations: Worldwide (for location list see Fastly site https://www.fastly.com/network-map ) Headquarter location: 475 Brannan St. #300 San Francisco CA 94107 USA     VirtualMind   VirtualMind provides software development services for the Khoros Marketing product Processing locations: Argentina Headquarter location: 2134 Rivadavia Avenue, Floor 3, Suite B Buenos Aires Argentina     Zendesk   Zendesk provides a cloud-based ticketing system for customer services provided in connection with Khoros Marketing products Processing locations: USA Headquarter location: 1019 Market Street San Francisco CA 94103 USA     Pendo Pendo provides in-product help, guidance and product announcements Processing locations: USA Headquarter location: 150 Fayetteville Street Raleigh NC 27601 USA     Squelch Integrates with apps to index data and provides an optimized search tool for support agents Squelch has contractually committed to becoming SOC2 certified Processing locations: USA Headquarter location: 555 Twin Dolphin Drive, Suite 170 Redwood City CA 94065 USA   Hyland Performs video processing for JX Communities  Hyland has committed to Privacy Shield certification Processing Locations: USA, Ireland Headquarters location:  28500 Clemens Road Westlake, Ohio 44145 +1.440.788.5000 video processin1-952-   Segment Performs provides data infrastructure for Khoros marketing   Segment has committed to Privacy Shield certification Processing Locations: USA Headquarters location:  100 California Street, Suite 700 San Francisco, CA 94111 USA o processin1-952-   In addition to the above, Khoros also utilizes the following subprocessors to provide certain optional services (as indicated below) to those Khoros customers who elect to purchase those optional services:   Ooyala, Inc.   Ooyala provides video storage and playback services for those customers who purchase the video option   Processing locations: USA, Australia, Mexico, Singapore, UK, Spain, France, Germany, Sweden Headquarter location: 4750 Patrick Henry Drive Santa Clara, CA 95054 USA   Box, Inc. Box provides file preview services for those customers who purchase the file preview option   Processing locations: USA Headquarter location: 1895 El Camino Real Palo Alto CA 94306 USA     Cloud Elements, Inc.   Cloud Elements  provides API integration platform services for integration with customers’ CRM applications Cloud Elements has contractually committed to comply with EC Standard Contractual Clauses Processing locations: USA, Ireland Headquarter location: 3001 Brighton Blvd. Suite #642 Denver, CO 80216 USA   Grazitti Interactive Grazitti provides online community and software development services including data migration, integrations, UX and UI services, Community Management, and L1/L2 post-live Support. Grazitti is ISO 27001 certified and SSAE 18 SOC 1 Type 2, SOC 2 Type 2 compliant Processing locations: India Headquarter location: Plot 198, Phase 2, Industrial Area Panchkula, HR India 134113   BI Worldwide (f/k/a Bunchball) Provides gamification functionality for JX Communities  Bunchball has contractually committed to comply with EC Standard Contractual Clauses   Processing Locations: USA with back=ups across multiple Availability Zones.  See https://aws.amazon.com/compliance/data-center/controls/ Headquarters location: 130 East 3rd Street Suite 202 Des Moines, IA 50309 1-952-563-2999 ms   Gong.io Provides SaaS conversation intelligence for all products as an optional service  Gong has contractually committed to Privacy Shield certification  Headquarters location: 130 East 3rd Street Suite 202 Des Moines, IA 50309 1-952-563-2999ms   Khoros also utilizes subcontractors that do not have any access to our customer’s data, and are therefore not listed in this Guide.
View full article
by Community Administrator Community Administrator Community Administrator Jan 31, 2020
Labels (4)
0
6062
Effective Date: January 31, 2020 What companies are subprocessors to Khoros?  The following companies are subprocessors to Khoros, LLC: AWS (locations in the USA and Ireland) Sumo Logic (AWS locations in the USA) Akismet (location in the USA) Persistent (location in India) ETI Software Solutions (formerly Netmania) (locations in USA, Bulgaria and UK) Akamai Technologies, Inc. (locations are global; for listing see Akamai site at https://www.akamai.com/us/en/locations.jsp )  Clarotest Consulting Lab (location in Argentina) Smooch Technologies, Inc. (AWS locations in the USA) Netbase Solutions, Inc. (locations in the USA) iTalent Corporation (locations in the USA, India and UK) Social Edge Consulting, LLC (locations in the USA, Canada, UK, Portugal and Spain) Grazitti Interactive (location in India) Direct Defense, Inc. (location in the USA) Salesforce.com, Inc. (location in the USA) Fastly (Khoros Marketing products)(locations are global; for listing see Fastly site at https://www.fastly.com/network-map ) VirtualMind (Spredfast products)(location in Argentina) Zendesk (Khoros Marketing products)(location in the USA) Pendo (Khoros Marketing products)(location in the USA) Squelch (location in the USA) SendGrid (location in the USA) BI Worldwide (f/k/a Bunchball) (Khoros JX Products) Hyland (Khoros JX Products) Gong (USA and Israel) Segment (USA) Khoros also utilizes the following subprocessors to provide certain optional services to those Khoros customers to elect to purchase those optional services: Ooyala, Inc. (locations in USA, Australia, Mexico, Singapore, UK, Spain, France, Germany, Sweden) (video storage and playback option) Box, Inc. (locations in USA) (file preview option) Cloud Elements, Inc. (locations in the US and Ireland) (API integration with customer’s CRM application)   Effective October 2, 2018, Lithium and Spredfast closed their merger transaction and the merged company rebranded to Khoros. New listings related to Spredfast-legacy products have been added above as “Khoros Marketing products.” Effective October 3, 2017, Lithium acquired the Jive-x external community platform from Jive Software, an Aurea company. As a result Lithium entered into a transition services agreement with Jive that will allow Jive, functioning as a subprocessor, to continue to provide Jive-x services for 12 to 15 months (now called Khoros JX).  Khoros also utilizes subcontractors that do not have any access to our customer’s data, such as, for example, Equinix and Wave Business which maintain data center facilities hosting Khoros’s main US-based data centers.   If you have any questions, please contact your Khoros Customer Success Representative. For more information about our subprocessors please see the Khoros Data Location and Subprocessor Guide by visiting: https://community.khoros.com/t5/Policies-and-Guidelines/Lithium-Data-Location-and-Subprocessor-Guide/ta-p/490163?_ga=2.207489424.2082712564.1572874105-692229348.1552060103&_gac=1.153305802.1571841125.CjwKCAjw9L_tBRBXEiwAOWVVCfvIGINgwqlOFJigugqmqUdOLkwDjnrPmBe3gHNkmy0KDEF6r-CyEhoCvwgQAvD_BwE What’s changed since our last version: Added: Gong Segment
View full article
by Khoros Staff Khoros Staff Jan 31, 2020
Labels (4)
0
12291
Khoros' steps to ensure GDPR Compliance
View full article
by Lithium Alumni (Retired) Lithium Alumni (Retired) Lithium Alumni (Retired) Dec 19, 2019
Labels (3)
12
20395
This article captures a complete inventory of personal data points used throughout Khoros products, for EU privacy compliance and other cases.
View full article
by Khoros Staff Khoros Staff Nov 21, 2019
Labels (4)
0
4949