1. Introduction
This document provides a comprehensive catalog of third-party services integrated with or used by the Smartta AI platform. We believe in transparency about our technology stack and data processing partnerships to help you make informed decisions about using our services.
All third-party integrations are carefully vetted for security, privacy compliance, and reliability standards. This catalog is updated regularly to reflect changes in our service providers and integrations.
Privacy and Data Protection
All third-party services listed here are subject to our Privacy Policy and Data Processing Agreement. We ensure that data transfers to third-party services comply with applicable data protection laws including GDPR, CCPA, and Australian Privacy Act.
2. Essential Platform Services
Core Infrastructure & Authentication
Services that provide fundamental platform functionality and user authentication
Amazon Web Services (AWS)
- Purpose:
- Cloud infrastructure, data storage, computing resources
- Data Processed:
- All application data, user information, file storage
- Location:
- Sydney, Australia (ap-southeast-2)
- Privacy Policy:
- AWS Privacy Notice
- Security Certifications:
- ISO 27001, SOC 2, PCI DSS
Auth0 by Okta
- Purpose:
- User authentication and identity management
- Data Processed:
- Email addresses, authentication tokens, login metadata
- Location:
- Australia and United States
- Privacy Policy:
- Auth0 Privacy Policy
- Security Features:
- Multi-factor authentication, anomaly detection
Cloudflare
- Purpose:
- Content delivery network, DDoS protection, security
- Data Processed:
- IP addresses, request metadata, performance analytics
- Location:
- Global network with data centers in Australia
- Privacy Policy:
- Cloudflare Privacy Policy
- Compliance:
- GDPR compliant, EU-US Data Privacy Framework
Database & Data Management
Services for data storage, processing, and backup
Database and caching services are locally hosted on our own infrastructure - no third-party database sub-processors are used.
3. Communication & Notification Services
SendGrid by Twilio
- Purpose:
- Transactional email delivery, notifications
- Data Processed:
- Email addresses, email content, delivery statistics
- Location:
- United States with global infrastructure
- Privacy Policy:
- Twilio Privacy Policy
- Compliance:
- GDPR, CCPA, PIPEDA compliant
Twilio SMS
- Purpose:
- SMS notifications and two-factor authentication
- Data Processed:
- Phone numbers, SMS content, delivery status
- Location:
- Global with Australian local numbers
- Privacy Policy:
- Twilio Privacy Policy
- Retention:
- Message logs retained for 30 days
4. Analytics & Monitoring
Analytics and monitoring services are locally hosted on our own infrastructure - no third-party analytics sub-processors are used.
5. Payment & Billing
Stripe
- Purpose:
- Payment processing, subscription billing
- Data Processed:
- Payment information, billing addresses, transaction history
- Location:
- Global with Australian entity (Stripe Payments Australia)
- Privacy Policy:
- Stripe Privacy Policy
- Security:
- PCI DSS Level 1 certified
Xero
- Purpose:
- Accounting and financial management integration
- Data Processed:
- Invoice data, payment records, financial transactions
- Location:
- Australia and New Zealand
- Privacy Policy:
- Xero Privacy Policy
- Integration:
- Read-only access via OAuth 2.0
6. Development & Deployment Tools
GitHub
- Purpose:
- Source code management, CI/CD pipelines
- Data Processed:
- Source code, development workflows, deployment logs
- Location:
- United States
- Privacy Policy:
- GitHub Privacy Statement
- Access:
- Limited to authorized development team members
Docker Hub
- Purpose:
- Container image registry and deployment
- Data Processed:
- Application container images, deployment metadata
- Location:
- United States
- Privacy Policy:
- Docker Privacy Policy
- Security:
- Image vulnerability scanning enabled
Security and Compliance Measures
- Data Processing Agreements: All service providers have signed DPAs ensuring GDPR compliance
- Security Assessments: Regular security reviews and vulnerability assessments
- Access Controls: Principle of least privilege applied to all integrations
- Monitoring: Continuous monitoring of data flows and access patterns
- Incident Response: Established procedures for security incident management
7. Data Transfer and Processing
For third-party services located outside Australia:
- We ensure adequate protection through Standard Contractual Clauses (SCCs)
- Data Processing Agreements (DPAs) are in place with all providers
- We conduct regular compliance audits and assessments
- Data minimization principles are applied to all transfers
- Users are notified of cross-border data transfers as required by law
8. Your Rights and Controls
You have the following rights regarding data processed by third-party services:
- Access: Request information about data processed by third parties
- Rectification: Correct inaccurate data held by service providers
- Erasure: Request deletion of your data from third-party systems
- Portability: Obtain your data in a machine-readable format
- Objection: Object to processing by specific third-party services
To exercise these rights, contact us using the information in the Contact section below.
9. Updates and Changes
This catalog is reviewed and updated quarterly or when significant changes occur to our third-party integrations. We will notify users of material changes that may affect data processing or privacy.
Version history is maintained to track all changes and ensure transparency in our service provider relationships.
Contact Information
For questions about third-party services or data processing:
- Privacy Team: privacy@smartplace.ai
- Security Team: security@smartplace.ai
- Legal Team: legal@smartplace.ai
- Data Protection Officer: dpo@smartplace.ai