Contrast Security and Privacy

list of sub-processors as of September 20, 2021

To deliver the Contrast Security products, and provide related support and services, Contrast Security may engage and use certain sub-processors and sub-contractors. Contrast Security maintains an up-to-date list of the entities, functions, and locations of our sub-processors. You can obtain a copy of the most current listing by contacting compliance@contrastsecurity.com or completing the form below.

Contrast Security performs vigorous assessments on the information security and data protection practices of its sub-processors and requires each to commit to written obligations regarding their security measures and compliance with applicable personal data protection laws and regulations.

Tier 1/Sub-Processors for Infrastructure and Security

Third Party Entity	Function/ Use Case	Data Types Processed	Location of Processing	Additional Comments
Amazon Web Services (AWS)	Cloud Hosting Provider	Any Confidential Data captured in Vulnerabilities or Attack Trace Data, Admin User Information	United States Japan	All U.S. data remains within the United States. All data of customers in Japan remains within the Japan region. Please follow the link to see how AWS complies with Japan’s Act on the Protection of Personal Information (APPI). https://aws.amazon.com/privacy/
Datadog	Log Aggregation, Alerting and Security Anomaly Detection	Any Confidential Data captured in Vulnerabilities or Attack Trace Data, Admin User Information	United States	https://www.datadoghq.com/legal/privacy/
Lacework	Infrastructure Monitoring, Vulnerability Management, Threat Intelligence, Compliance Reporting	Vulnerability Data Related to the SaaS Environment	United States	https://www.lacework.com/privacy-policy/
Splunk On-Call (Formerly VictorOps)	On-call Paging	Vulnerability Data Related to the SaaS Environment, Incident Data, Support Ticket Data	United States	https://victorops.com/privacy https://www.splunk.com/en_us/legal/privacy/privacy-policy.html?_ga=2.162503743.2094243843.1628629885-81658133.1628629885
Sumo Logic, Inc.	Log Aggregation, Alerting and Security Anomaly Detection	Confidential Data captured in Vulnerabilities or Attack Trace Data, Admin User Information	United States	https://www.sumologic.com/privacy-statement/
Tenable, Inc.	Vulnerability Scanning	Vulnerability Data Related to the SaaS Environment	United States	https://www.tenable.com/privacy-policy
Threat Stack, Inc.	Infrastructure Monitoring, Vulnerability Management, Threat Intelligence, Compliance Reporting	Vulnerability Data Related to the SaaS Environment	United States	https://www.threatstack.com/privacy

Tier 2/Sub-Processors for CRM and Business Operations

Third Party Entity	Function/ Use Case	Location of Processing	Additional Comments
Atlassian, Inc.	Bug Tracking, Project Management, Documentation, Intranet	United States
DiscoverOrg	Marketing, CRM Insights Tool	United States
Gainsight, Inc.	Customer Relationship Management (CRM)	United States
Google Workspace	Email, File Storage, Collaboration, Hosting, Platform Services	United States
Highspot, Inc.	Marketing, Sales Enablement	United States
Hubspot, Inc.	Customer Relationship Management (CRM)	United States
iWAconsolti	Engineering/Development Support	Mexico
Mechdyne	IT Support Services	United States
MentorMate	Engineering/Development Support	Bulgaria
Microsoft	Email, Office Suite, Code Hosting Platform, Source Code Control (GitHub)	United States
Netsuite (Oracle Corporation)	Finance and Invoicing Software	United States
New Relic, Inc.	Application Performance Monitoring (APM)	United States
Salesforce, Inc.	Customer Relationship Management (CRM), Collaboration and Communication (Slack)	United States
SalesLoft	Customer Relationship Management (CRM), Sales Engagement	United States
Zoom	Conference Calling, Communication	United States
Zoominfo	Marketing, Advertising	United States