Sub-processors

last modified: 4th of Januray 2023

fortrabbit wouldn't be possible without relying on third party services. We have carefully reviewed and chosen our business partners. We have mapped all data we share with third party providers, the kind of data collected and to which geographical destinations it is transferred. All of our sub-processors have been assessed for security and GDPR compliance. Enacted contract amendments and Data Processing Agreements (DPAs) are in place where applicable.

The following third party services transparency report gives you an overview which external services we use, how and why.

Infrastructure & data centers

The fortrabbit platform runs on Amazon Web Services (AWS). That includes our web properties (www, blog, help and dashboard) and most importantly the Apps our clients create here. Various different services from AWS (EC2, RDS, S3, Route53, Cloudfront, etc) are used in combination. See AWS Service Terms.

Payment processing

Credit card billing information is stored with our credit card payment processor Stripe directly. In addition we also provide Stripe with your zip code to ensure correct authorization. Stripe might also store your IP and user agent data collected from your browser. We only keep a minimum of information on our side: a reference and an identifier. SEPA bank account information is stored with our databases. Terms available on request.

Usage statistics

We use Matomo (previously Piwik) to analyze traffic and help us to improve your user experience. We store minimal data. Your IP address is anonymized. Cookies are stored on your browser. This data is only processed by us. See the Matomo website.

Marketing & tracking

We might potentially use Google AdWords for re-marketing, as it is an effective way to stay on the radar of potential clients (it is currently disabled). We might also advertise on Twitter in a similar way: for this we would share information about your visit: think "Tailored Audiences" (this is also currently disabled).

Client communication

In order to help you successfully deploy and manage your applications here, we need to be able to communicate with you. In most cases we will use chat or contact you by e-mail.

Support service

The little chat bubble on the bottom right is powered by Intercom. This service collects some meta-data, like browser, operating system and geo-location when you interact and provide your name and e-mail to get in touch with us. For identified Accounts we share your name, company, e-mail and the additional meta-data via API. This helps us giving you a personal and fast support. In general the support channel is chat, but it is not limited to that. The help desk is also employed when you write an e-mail to "support@fortrabbit.com" and possibly other addresses. Sometimes our answers in the support desk might be delivered by e-mail to make sure they'll reach you. When you delete your Account with fortrabbit, the connected data-set will also get deleted. See Intercom Terms.

Product information subscription

We use MailChimp to occasionally send e-mail updates to subscribed Accounts. These e-mails include relevant information on service updates and feature announcements, so these are not newsletters in the classical sense. With MailChimp we share e-mail addresses and names (for personalization). New fortrabbit Accounts get signed up for the newsletter automatically. That's why you need to confirm that we contact you by e-mail upfront. Each newsletter — of course — includes a one-click opt-out option. Additionally, there is an Account notification setting with the Dashboard to manage subscriptions. We will write from "pleasereply@fortrabbit.com". See MailChimp Terms.

Personal e-mails

We are required by law to store all business communication for ten years. So we will save your e-mails, when you contacts us by e-mail. Our personal mail (MX) accounts are by Google (gSuite). See gSuite Terms.

Transactional e-mails

We use Postmark to send automated transactional e-mails to Accounts. These e-mails include relevant information. They are either triggered by intervals or user interaction. Examples are: "double opt-in sign-up", "invoice notice", "trial expire notice" or "password reset". Naturally, there is no opt-out for these. Again, that's why you need to confirm that you are willing to be contacted by e-mail when signing up. We will write from "pleasereply@fortrabbit.com". See Postmark Terms.

Status updates

Accounts can subscribe — via opt-in — to fortrabbit service status updates for downtimes and incidents. This optional service is provided by SorryApp. See SorryApp Terms. It is possible to subscribe by e-mail and Slack. It is available under status.fortrabbit.com. For the e-mail subscriptions Mailgun (see terms) is used.

Recruitment software

We use software to manage our hiring processes, to evaluate and track applicants. Currently we use Recruitee for this. Open positions can be found under fortrabbit1.recruitee.com. See Recruitee Terms.

Account meta data

We will store additional meta-data with your Account when you sign up. This includes your IP, the time and a possible referrer. We use MaxMind to convert the IP to a geo-location that will also be stored with your Account. This is an important corner stone in fraud and phishing protection.

During signup, you might need to solve a Captcha. We use this to protect us from fraudulent signups. We use hCaptcha for this, their terms and privacy applies.

Internal case management

We use Trello as an internal ticketing system to keep track of ongoing business tasks. We might link client cases from the chat system or billing related information there as well. See Atlassian Cloud Terms.

Account profile pictures

We send a hash of your e-mail address to the Gravatar service to see if you have an Account over there. If you have, we display your profile picture from over there; if not, a unique generic profile icon will be displayed. See Gravatar Terms.

Accounting

We employ a tax agency called Ecovis, as well as potentially other accountants to help us with financial accounting. Naturally, these service providers have reading access to billing related data and invoices. Billing related data, like invoices, are stored with Google Drive (Google Apps for Business).

Embedded content

In certain cases we might embed content from other web services in our websites. This can be a hotlink, some JS, or an iframe. Examples are a YouTube video, or a poll by Google forms or just an image from another website. Of course, this might contain your IP and a timestamp as well.

Fraud protection

We validate associated e-mail addresses when registering an Account against lists of trashmail providers. We use ZeroBounce for that. Certain tyope of e-mails will not be accepted for Account registration.

Content Delivery Network

We use a CDN to serve static assets (JS,CSS) on all of the fortrabbit websites (www, blog, help, dashboard). The CDN helps us to deliver those files fast, from your nearest location. The CDN URL is "static.frbit.name" or "cdn.fortrabbit.com". Currently we are using KeyCDN services for this. When your browser sends the requests to those files, your IP address will be transmitted. See KeyCDN Terms.

Website screenshots

We use a service to display screenshots of client Apps with the fortrabbit Dashboard. Currently we are using page2images for this service. The service might grab periodic screenshots of the App's default domain.

Knowledge base

We have knowledge base software to document our internal standard procedures. In some cases some client data might be referenced in there. This applies to extra settings or individual agreements for clients. Currently we are using Notion for this, see the Notion Terms & Privacy.

Code hosting

Our own original code base is hosted on GitHub for the most part. This does not concern any client data.

FOSS

In addition to all the useful commercial services listed above, fortrabbit would not be possible without free and open-source software. We make use of thousands of different open-source software packages.

Disclaimer

To err is human. We do our best to keep this page up-to-date, complete and correct. We reserve the right to add, change or remove certain services and practices without further announcement.