Lithium Data Location and Subprocessor Guide

Lithium processes and stores its U.S., Canadian, and Asia/Pacific customers’ data primarily in the United States, and its European/Middle Eastern customers’ data primarily in the EU/EEA, with some exceptions noted below.

| Customer Region | Lithium Application | Primary Storage | Back Up Storage |
|---|---|---|---|
| US/Canada/Asia/Pacific | Lithium Community | US (Equinix in transition moving to AWS in 2018) | US (AWS) |
| US/Canada/Asia/Pacific | Lithium Social Media Management (Reach and Response/LSW) | US (AWS) | US (AWS) |
| US/Canada/Asia/Pacific | Spredfast-legacy products | US (AWS) | US (AWS) |
| US | Lithium JX Community, formerly known as Jive-X | US (Jive) | US (Jive) |
| EU/EEA/Middle East | Lithium Community | The Netherlands (Equinix in transition moving to Ireland, AWS in 2018) | Ireland (AWS) |
| EU/EEA/Middle East | Lithium Social Media Management (Reach and Response/LSW) | Ireland (AWS) | Ireland (AWS) |
| EU/EEA/Middle East | Spredfast-legacy products | US (AWS) | US (AWS) |
| EU | Lithium JX Community, formerly known as Jive-X | The Netherlands (Jive) | England (Jive) |

Effective October 2, 2018, Lithium and Spredfast closed their merger transaction, and new listings related to Spredfast-legacy products have been added as appropriate.

Effective October 3, 2017, Lithium acquired the Jive-x external community platform from Jive Software, an Aurea company. As a result, Lithium entered into a transition services agreement with Jive that will allow Jive, functioning as a subprocessor, to continue to provide Jive-x services for 12 to 15 months.

Lithium provides customer support and conducts engineering work that might sometimes require limited access to our customers’ data from Lithium office locations in the U.S. and India.   

In addition, Lithium engages subcontractors outside the EU/EEA that process some limited EU customer data, such as log files and spam email filtering, or that provide technical support to our European customers.

Lithium requires that its subcontractors comply with security and data privacy standards at least as protective as those that Lithium commits to its customers, and this is reflected in our contracts with our subcontractors.  In relation to EU data privacy regulatory compliance, Lithium complies with the requirements of the EC Standard Contractual Clauses, and requires that its subcontractors that have access to Lithium customers’ data similarly comply. Further, Lithium will enter into the EC Standard Contractual Clauses with any European customer upon request.

 

  • AWS
    • AWS provides storage and virtual computing resources
    • Backups are stored in AES 256-bit encrypted format
    • AWS personnel do not have access to Lithium encryption keys
    • AWS is ISO 27001 certified and SOC 2 audited
    • AWS has contractually committed to comply with EC Standard Contractual Clauses
    • Processing locations: USA, Ireland
    • Headquarter location:
      • 1200 12th Avenue South
      • Suite 1200
      • Seattle, WA, 98144-2734
      • USA

  • Akismet (formerly known as “Automattic, Inc.”)
    • Akismet is our spam content management service provider
    • Akismet has contractually committed to comply with EC Standard Contractual Clauses
    • Processing locations: USA
    • Headquarter location:
      • 132 Hawthorne Street
      • San Francisco, CA 94107
      • USA

  • Sumo Logic
    • Sumo Logic processes only log data
    • Sumo Logic has contractually committed to comply with EC Standard Contractual Clauses
    • Processing locations: USA
    • Headquarter location:
      • 305 Main Street
      • Redwood City, CA 94063
      • USA

  • Persistent
    • Persistent provides software development services
    • Persistent is ISO 27001 certified
    • Persistent has contractually committed to comply with EC Standard Contractual Clauses
    • Processing locations: India
    • Headquarter location:
      • Bhageerath, 402
      • Senapati Bapat Road
      • PUNE – 411016
      • India

  • ETI Software Solutions (formerly Netmania)
    • ETI provides upgrade and maintenance of sites, L1/L2 support, and, at the customer’s request, customer migration services
    • ETI is ISO 27001 certified
    • ETI has contractually committed to comply with EC Standard Contractual Clauses
    • Processing locations: USA, Bulgaria, UK
    • Headquarter location:
      • The Stables
      • Elmhurst Business Park
      • Park Lane
      • Elmhurst, WS13 8EX
      • United Kingdom

  • Infogain Corporation (formerly Blue Star Infotech America, Inc.)
    • Infogain provides software development services, and L1/L2 support
    • Infogain has contractually committed to comply with EC Standard Contractual Clauses
    • Processing locations: USA, India
    • Headquarter location:
      • 485 Alberto Way
      • Suite 100
      • Los Gatos, CA 95032
      • USA

  • Direct Defense, Inc.
    • DirectDefense provides security incident response services.
    • DirectDefense will only be provided access in the event of a security incident
    • DirectDefense has contractually committed to comply with EC Standard Contractual Clauses
    • DirectDefense is SOC 2 audited
    • Processing locations: USA
    • Headquarter locations:
      • 385 Inverness Pkwy.
      • Suite 360
      • Englewood, CO 80112
      • USA

  • Akamai Technologies, Inc.
    • Akamai provides content delivery network (CDN) services
    • Akamai has contractually committed to comply with EC Standard Contractual Clauses
    • Processing locations: Worldwide (for location list see Akamai site https://www.akamai.com/us/en/locations.jsp)
    • Headquarter location:
      • 8 Cambridge Center
      • Cambridge MA 02142
      • USA

  • Clarotest Consulting Lab S.R.L.
    • Clarotest provides software development, consulting and technical support services for the Lithium JX Community (formerly known as Jive-X)
    • Clarotest has contractually committed to comply with EC Standard Contractual Clauses
    • Processing locations: Argentina
    • Headquarter location:
      • Franklin Roosevelt 2783, CABA
      • Buenos Aires, 1425
      • Argentina

  • Smooch Technologies, Inc.
    • Smooch provides a hosted service that helps extend Lithium’s conversational capabilities across all messaging channels made available by Smooch
    • Smooch has contractually committed to comply with EC Standard Contractual Clauses
    • Processing locations: USA
    • Headquarter locations:
      • 5333 Casgrain, Suite 1201
      • Montreal, QC
      • H2T 1X3
      • Canada

  • Netbase Solutions, Inc.
    • Netbase provides a specialized uploader for customers to transfer Lithium data exports via files into Netbase, and will partition customer data for restricted access by customer users
    • Netbase has contractually committed to comply with EC Standard Contractual Clauses
    • Processing locations: USA
    • Headquarter locations:
      • 3960 Freedom Cir #201
      • Santa Clara, CA 95054
      • USA

  • iTalent Corporation
    • iTalent provides Community Managed Services that include software development, L1/L2 Support, and data assessment, mapping, appending, cleansing and migration services. In addition, iTalent provides project management and community management support services
    • iTalent has contractually committed to comply with the EC Standard Contractual Clauses
    • Processing locations: USA, UK and India
    • Headquarter locations:
      • 27 Devine Street
      • San Jose, CA 95110
      • USA

  • Social Edge Consulting, LLC
    • Social Edge provides software development services, L1/L2 support, project lifecycle management, and content migration services
    • Social Edge has contractually committed to comply with EC Standard Contractual Clauses
    • Processing locations: USA, Canada, UK, Portugal, Spain
    • Headquarter location:
      • 79 Madison Avenue
      • New York, NY 10016
      • USA

  • Salesforce.com, Inc
    • Salesforce.com provides a cloud-based ticketing system for customer services provided in connection with Lithium products
    • Salesforce has contractually committed to comply with EC Standard Contractual Clauses
    • Processing locations: USA
    • Headquarter location:
      • The Landmark at One Market, Suite 300
      • San Francisco, CA 94105
      • USA

  • Fastly
    • Fastly provides content delivery network (CDN) services for Spredfast products
    • Processing locations: Worldwide (for location list see Fastly site https://www.fastly.com/network-map)
    • Headquarter location:
      • 475 Brannan St. #300
      • San Francisco CA 94107
      • USA

  • VirtualMind
    • VirtualMind provides software development services for the Spredfast Conversations product
    • Processing locations: Argentina
    • Headquarter location:
      • 2134 Rivadavia Avenue, Floor 3, Suite B
      • Buenos Aires
      • Argentina

  • SoftServe
    • SoftServe provides software development services for the Spredfast Conversations product
    • Processing locations: Ukraine
    • Headquarter location:
      • 2D Sadova Street
      • Lviv, Ukraine 79021

  • GoodData
    • GoodData provides analytics for the Spredfast Conversations product
    • Processing locations: USA
    • Headquarter location:
      • 660 3rd Street
      • San Francisco CA 94107
      • USA

  • Zendesk
    • Zendesk provides a cloud-based ticketing system for customer services provided in connection with Spredfast products
    • Processing locations: USA
    • Headquarter location:
      • 1019 Market Street
      • San Francisco CA 94103
      • USA

  • Pendo
    • Pendo provides in-product help, guidance and product announcements
    • Processing locations: USA
    • Headquarter location:
      • 150 Fayetteville Street
      • Raleigh NC 27601
      • USA

 

In addition to the above, Lithium also utilizes the following subprocessors to provide certain optional services (as indicated below) to those Lithium customers who elect to purchase those optional services:  

 

  • Ooyala, Inc.
    • Ooyala provides video storage and playback services for those customers who purchase the video option
    • Processing locations: USA, Australia, Mexico, Singapore, UK, Spain, France, Germany, Sweden
    • Headquarter location:
      • 4750 Patrick Henry Drive
      • Santa Clara, CA 95054
      • USA

 

  • Box, Inc.
    • Box provides file preview services for those customers who purchase the file preview option
    • Processing locations: USA
    • Headquarter location:
      • 1895 El Camino Real
      • Palo Alto CA 94306
      • USA

 

  • Cloud Elements, Inc.
    • Cloud Elements provides API integration platform services for integration with customers’ CRM applications
    • Cloud Elements has contractually committed to comply with EC Standard Contractual Clauses
    • Processing locations: USA, Ireland
    • Headquarter location:
      • 3001 Brighton Blvd.
      • Suite #642
      • Denver, CO 80216
      • USA

 

  • Infoesearch Information Technology Enabled Services, a Private Limited Company
    • Infoesearch provides content moderation services to Lithium customers who purchase moderation services from Lithium
    • Infoesearch has contractually committed to comply with EC Standard Contractual Clauses
    • Processing locations: India
    • Headquarter location:
      • IT Block 1, Wing A, III Floor
      • NSL Arena (SEZ), IDA Uppal
      • Telangana Hyderabad - 500039
      • India

 

  • ServiceRocket, Inc.
    • ServiceRocket provides a hosted portal for accessing Lithium training and education materials
    • ServiceRocket is SSAE 16 SOC2 Type 2 certified
    • ServiceRocket is Privacy Shield certified
    • Processing locations: USA
    • Headquarter location:
      • 2741 Middlefield Rd.
      • Suite 200
      • Palo Alto, CA 94306
      • USA

 

  • Grazitti Interactive
    • Grazitti provides online community and software development services including data migration, integrations, UX and UI services, Community Management, and L1/L2 post-live Support.
    • Grazitti is ISO 27001 certified and SSAE 18 SOC 1 Type 2, SOC 2 Type 2 compliant
    • Processing locations: India
    • Headquarter location:
      • Plot 198, Phase 2, Industrial Area
      • Panchkula, HR
      • India 134113          

 

Lithium also utilizes subcontractors that do not have any access to our customers’ data, and are therefore not listed in this Guide.

 

Subprocessor detail chart:

| Vendor | Usage / Lithium Applications | Access Type | Transfer or Access | Security Audit (SSAE 16 SOC 2) | Security Certification (ISO 27001) | Controls |
|---|---|---|---|---|---|---|
| AWS | Cloud hosting for Lithium Community and SMM | Logical access to data is possible | No data is transferred (stays in region) | Yes | Yes | Data is encrypted. Only Lithium has keys. |
| Sumo Logic | Log collection and storage for Lithium Community and SMM | Log files only | Logs are transferred to servers in USA | Yes | Yes | Log data is encrypted. Sumo has keys. |
| Akismet | Spam detection for Lithium Community | No access to PII (only content) | Content is transferred to API end point in USA | No | No | Short-term access to content only. |
| Persistent | Outsourcing for Lithium Community and SMM | Development services | Access from India | No | Yes | Same as Lithium employees. |
| ETI Software Solutions (formerly Netmania) | Outsourcing for Lithium Community and SMM | Support, Migration, Upgrades | Access from Bulgaria, Italy, and UK | No | Yes | Same as Lithium employees. |
| Ooyala | Video playback and storage for Lithium Community | Access to uploaded videos is possible | Storage in the USA | Yes | No | Ooyala has access to videos. |
| Box | File storage for customers using the File Preview feature of Lithium Community and/or SMM | Access to file attachments is possible | Storage in the USA | Yes | Yes | Files are stored encrypted. Box has access to keys. |
| Infogain Corporation | Outsourcing for Lithium Community and SMM | Support and troubleshoot | Access from USA and India | Yes | Yes | Same as Lithium employees. |
| Cloud Elements, Inc. | API integration platform (for CRM integration with Lithium SMM) | Logical access is possible | No data is transferred (stays in region) | No | No | EC Model Clauses and audit rights |
| Direct Defense, Inc. | Incident Response | Logical access to logfiles and other data is possible | Data is transferred to DirectDefense ShareFile servers in a SOC 2 certified SaaS environment. | Yes | No | Multi-Factor Authentication required for access. Data is encrypted in transit and at rest. Least privilege access control processes are in place. |
| Akamai Technologies, Inc. | Content Delivery Network for Lithium Community | Logical access to data is possible | Data is transferred to the nearest Akamai network POP within the geographical origin area of the end user request | Yes | ISO 27002 | EC Model Clauses and annual review of SOC 2 audit report |
| Infoesearch | Content moderation services | Logical access to data is possible | No data is transferred (stays in region) | Yes | Yes | Data is encrypted. Only Lithium has keys. |
| ServiceRocket, Inc. | Cloud hosting for Lithium training and education materials for Lithium Community and SMM | Logical access to data is possible | Transfer to US hosting facilities | Yes | No | Data is encrypted. Only Lithium has keys. |
| Clarotest Consulting Lab S.R.L. | Development services and support for the Lithium JX Community | Some access to customer data as part of outage mitigation. | Access from Argentina | No | No. ISO 9001 instead. | Comply with Lithium’s security requirements. |
| Smooch Technologies, Inc. | Hosted service that helps extend Lithium's conversational capabilities | Logical access to data is possible | Storage in USA | In progress | No | Data is encrypted. |
| Netbase Solutions, Inc. | Ingestion and analysis of customer’s Lithium Data | Logical access to data is possible | Storage in USA | Yes | No | EC Model Clauses and audit rights |
| iTalent Corporation | Outsourcing for Lithium Community and Lithium JX Community | Support and trouble-shoot, migration and upgrades, some access to customer data | Access from USA, UK and India | Yes | Yes | EC Model Clauses and audit rights |
| Social Edge Consulting, LLC | Outsourcing for Lithium Community and Lithium JX Community | Support and trouble-shoot, migration and upgrades, some access to customer data | Access from USA, Canada, UK, Portugal and Spain | Yes | Yes | EC Model Clauses and audit rights |
| Grazitti Interactive | Outsourcing for Lithium Community | Support and trouble-shoot, migration and upgrades, some access to customer data | Access from India | No – SSAE 18 SOC 1 and SOC 2 | Yes | EC Model Clauses and audit rights |
| Salesforce.com, Inc. | Hosted service that provides customer support ticketing for Lithium products | Logical access to data is possible | Data storage in USA. | Yes | Yes | EC Model Clauses; also see https://trust.salesforce.com/en/compliance/ |
| Fastly | Content Delivery Network for Spredfast | Logical access to data is possible | Data is transferred to the nearest Fastly POP within the geographical origin area of the end user request | Yes | No | https://docs.fastly.com/guides/compliance/ |
| VirtualMind | Outsourcing for Spredfast products | Development services | Access from Argentina | No | No | Same as Lithium Employees |
| SoftServe | Outsourcing for Spredfast products | Development services | Access from Ukraine | No | Yes | Same as Lithium Employees |
| GoodData | Hosted service that provides customer facing analytics for Spredfast products | Logical access to data is possible | Storage in USA | Yes | Yes | Data is encrypted |
| Zendesk | Hosted service that provides customer support ticketing for Spredfast products | Some access to customer data possible | Storage in USA | Yes | Yes | Data is encrypted |
| Pendo | Hosted service that provides in-product help, guidance and product announcements. | Some access to customer data possible | Storage in USA | Yes | No | Data is encrypted |

 
