To more fully comply with the requirements of GDPR and worldwide information security and privacy regulations, RapidRatings has decided to provide full transparency into our vendors and sub-processors under GDPR.
Currently, all RapidRatings vendors house data in the United States of America.
Core Service Providers
RapidRatings services requires the use of the following underlying core service providers to fulfil our service to our clients and FHRX Members.
| Feature/Function | PII Description | Data location | Vendor requires access to data | Vendor may request access to data | |
| AWS | IaaS, PaaS | No PII | USA | N | N |
| MS Dynamics | Counterparty Management & workflow | Supplier contact details: Name, Email, Phone number | USA | N | N |
| Zendesk | Client Service desk | Client contact details: Name, Email | USA | N | Y |
| Office 365 | Email, Intranet, document repository, collaboration | Client or supplier email addresses from direct correspondence | USA | N | N |
| Salesforce | Sales, leads, opportunities | Client contact details: Name, Email, phone number | USA | N | Y |
| Churn Zero | Client Engagement management | Client end user contact details: Name, Email | USA | N | N |
| Gong.io | Client engagement management | Call recording, client email | USA | N | N |
| Linked Squares | Client Contract Management | Contract PII | USA | N | N |
Technical Providers
The following services are used for various technical service management functions. The services below are managed in-house but reside on external vendors platforms.
| Vendor | Feature/Function | PII Description | Data location | Vendor requires access to data | Vendor may request access to data |
| Alert Logic | Security services, IDS, logging | Log data | USA | Y | Y |
| DataDog | Application and system logging | Log data | USA | N | N |
| Mailgun | Outbound Email infrastructure | Log data | USA | N | Y |
| SentryIO | Application Event Management | Log data | USA | N | Y |
| Stripe | Payment Processor | No PII | USA | N | Y |
| heap.io | Usage analytics | No PII | USA | N | Y |
Note that log data may contain PII such as user ID or email.
Updates to the Vendor and Sub-Processor List
All vendors are assessed in detail at the onset of an engagement to ensure that they meet the high standards of information security, privacy, and compliance to industry, legal, and regulatory frameworks.
RapidRatings periodically assesses whether each vendor is the best fit for RapidRatings, as well as our clients and FHRX Member’s needs. If a change needs to be made, RapidRatings will post the updated Vendor and Sub-Processor list periodically.