Sub-processors

1. Introduction

WeSolve utilizes certain sub-processors to assist in providing our services. A sub-processor is a third-party data processor engaged by WeSolve who agrees to process personal data on behalf of WeSolve’s Customers in accordance with Customer instructions, as communicated by WeSolve, and under the terms of a written contract between WeSolve and the sub-processor.

2. Data Protection Agreements

We maintain written Data Processing Agreements (DPAs) with all our sub-processors. Each DPA outlines the roles and responsibilities of the parties when personal data is processed, ensuring compliance with Article 28 of the GDPR. For sub-processors located outside the EU, we have implemented Standard Contractual Clauses (SCCs) to ensure appropriate data protection safeguards for data transfers from the EU to third countries.

3. Third-Party Sub-Processors

WeSolve collaborates with third-party providers to deliver specific functions or features within our Service. These providers have access to relevant personal information to perform their functions, limited to specific purposes as outlined below:

3.1 Relevant for End-Users

The following sub-processors are utilized to provide the WeSolve Service and are part of the processing chain for sensitive, personal, and other data of end-users:

Necessary

• Microsoft Azure

• Google Tag Manager

• Sentry

• Google reCAPTCHA

Measurement

• Google Analytics 4

• Posthog

3.2 Relevant for Customers

The following sub-processors are used in connection with data related directly to the Customer that signed up for a WeSolve Workspace and not with end-users invited to the platform:

Necessary

• Microsoft Azure

• Google Tag Manager

• Sentry

• Chatwoot

• Google reCAPTCHA

• Stripe

Measurement

• Google Analytics 4

• Posthog

3.3 Relevant for WeSolve Website Visitors

Necessary

• Google Tag Manager

• Cloudflare

• Iubenda

Experience

• Google Fonts

Measurement

• Google Analytics 4

• Meta Events Manager

• Hotjar (Contentsquare)

Marketing

• Meta Pixel

• LinkedIn Pixel

4. Sub-Processor Description

4.5 Stripe

Stripe is a payment and credit card processing service provided by Stripe Inc. WeSolve uses Stripe for subscription and billing-related payments. The use of customer information is strictly limited to payment processing. WeSolve does not handle or store sensitive payment data.

• Personal Data processed: Customer contact email, name, IP address, and physical address.

• Sensitive Data processed: Customer credit card details.

• Other Data processed: Customer company name, subdomain, and subscription details.

• Place of processing: United States – Privacy Policy.

• Security and compliance: Security Hub measures in place.

• Certifications: PCI Service Provider Level 1, PCI DSS compliant.

• Additional measures: Stripe ensures full PCI compliance and encrypts all payment data.

4.6 Cloudflare (Cloudflare, Inc.)

Cloudflare is a traffic optimization and distribution service provided by Cloudflare Inc. The way Cloudflare is integrated means that it filters all the traffic through this Website, i.e., communication between this Website and the User’s browser, while also allowing analytical data from this Website to be collected.

• Personal Data processed: Trackers and various types of Data as specified in the privacy policy of the service.

• Place of processing: United States – Privacy Policy.

• Trackers duration:

  • _cfuvid: indefinite

  • cf_clearance: 30 minutes

4.7 Iubenda

Iubenda hosts the Cookie Policy Content and only collects the Personal Data strictly necessary for it to be provided.

• Place of processing: Privacy Policy.

4.8 Chatwoot

Chatwoot is a customer support tool that facilitates user communication via chat.

• Cookies Used:

  • cw_conversation: Maintains conversation continuity as users navigate through webpages or revisit the website later.

  • cw_user_{identifier}: Caches contact details when a contact is identified via the setUser SDK method.

  • _chatwoot_session: Preserves user sessions within the Chatwoot Super Admin panel.

  • cw_d_session_info: Stores session information for logged-in users on the Agent Dashboard.

More information: Chatwoot Cookie Policy.

4.9 Google Analytics 4 (Google Ireland Limited)

Google Analytics 4 is a web analysis service provided by Google Ireland Limited. Google utilizes the Data collected to track and examine the use of this Website, to prepare reports on its activities and share them with other Google services.

• Personal Data processed: Number of Users, session statistics, Trackers, and Usage Data.

• Place of processing: Ireland – Privacy Policy.

• Trackers duration:

  • _ga: 2 years

  • ga*: 2 years

4.10 Meta Events Manager (Meta Platforms Ireland Limited)

Meta Events Manager is an analytics service provided by Meta Platforms Ireland Limited. By integrating the Meta pixel, Meta Events Manager can give the Owner insights into the traffic and interactions on this Website.

• Personal Data processed: Trackers.

• Place of processing: Ireland – Privacy Policy.

• Trackers duration:

  • _fbp: 3 months

  • lastExternalReferrer: duration of the session

  • lastExternalReferrerTime: duration of the session

4.11 Contentsquare (Content Square Ltd)

Contentsquare is an analytics service provided by Content Square Ltd that gives the Owner insight into the use of this Website by Users.

• Personal Data processed: Clicks, mouse movements, scroll-to-page interactions, time zone, Trackers, and Usage Data.

• Place of processing: United Kingdom – Privacy Policy.

• Trackers duration:

  • _cs_c: 2 years

  • _cs_cvars: indefinite

  • _cs_ex: 1 month

  • _cs_id: 2 years

  • _cs_mk_aa: 30 minutes

  • _cs_mk_ga: 30 minutes

  • _cs_optout: 2 years

  • _cs_s: 30 minutes

4.12 PostHog Product Analytics (PostHog, Inc.)

PostHog product analytics is an analytics service provided by PostHog, Inc. that gives the Owner insight into the use of this Website by Users.

• Personal Data processed: Browser information, browsing history, clicks, device information, IP address, page views, and Trackers.

• Place of processing: Germany – Privacy Policy.

• Trackers duration:

  • ph_phc_*_posthog: 2 years

4.13 PostHog Feature Flags and A/B Testing (PostHog, Inc.)

PostHog feature flags and A/B testing is a feature flags and A/B testing service provided by PostHog, Inc.

• Personal Data processed: Device information, page views, Trackers, and Usage Data.

• Place of processing: Germany – Privacy Policy.

• Trackers duration:

  • ph_phc_*_posthog: 2 years

4.14 PostHog Session Replay (PostHog, Inc.)

PostHog session replay is a session recording service provided by PostHog, Inc.

• Personal Data processed: Device information, Trackers, and Usage Data.

• Place of processing: Germany – Privacy Policy.

• Trackers duration:

  • ph_phc_*_posthog: 2 years

4.15 Hotjar Heat Maps and Recordings (Hotjar Ltd.)

Hotjar is a session recording and heat mapping service provided by Hotjar Ltd. Hotjar honors generic “Do Not Track” headers. This means the browser can tell its script not to collect any of the User’s data. This is a setting that is available in all major browsers. Find Hotjar’s opt-out information here.

• Personal Data processed: Trackers, Usage Data, and various types of Data as specified in the privacy policy of the service.

• Place of processing: Malta – Privacy Policy.

4.16 Meta Ads Conversion Tracking (Meta Pixel) (Meta Platforms Ireland Limited)

Meta ads conversion tracking (Meta pixel) is an analytics service provided by Meta Platforms Ireland Limited that connects data from the Meta Audience Network with actions performed on this Website.

• Personal Data processed: Trackers and Usage Data.

• Place of processing: Ireland – Privacy Policy.

• Trackers duration:

  • _fbc: 3 months

  • _fbp: 3 months

  • fr: 3 months

4.17 LinkedIn Website Retargeting (LinkedIn Corporation)

LinkedIn Website Retargeting is a remarketing and behavioral targeting service provided by LinkedIn Corporation that connects the activity of this Website with the LinkedIn advertising network.

• Personal Data processed: Trackers and Usage Data.

• Place of processing: United States – Privacy Policy.

• Trackers duration:

  • AnalyticsSyncHistory: 1 month

  • JSESSIONID: duration of the session

  • UserMatchHistory: 1 month

  • bcookie: 1 year

  • bscookie: 1 year

  • lang: duration of the session

  • li_gc: 7 months

  • lidc: 1 day

  • lissc: 1 year

  • lms_ads: 1 month

  • lms_analytics: 1 month

4.18 Google Fonts (Google Ireland Limited)

Google Fonts is a typeface visualization service provided by Google Ireland Limited that allows this Website to incorporate content of this kind on its pages.

• Personal Data processed: Trackers and Usage Data.

• Place of processing: Ireland – Privacy Policy.

4.19 PostHog Surveys (PostHog, Inc.)

PostHog Surveys is a form builder and data collection platform provided by PostHog, Inc. The service also allows the Owner to perform analyses and get insights on User responses and interactions with such forms.

• Personal Data processed: Answers to questions, device information, email address, IP address, Trackers, and Usage Data.

• Place of processing: Germany – Privacy Policy.

• Trackers duration:

  • ph_phc_*_posthog: 2 years

5. Changes in Sub-processors

Our business needs may change from time to time. For example, we may deprecate a sub-processor to consolidate and minimize our use of sub-processors. Similarly, we may add a sub-processor if we believe that doing so will enhance our ability to deliver our Services. Before engaging a sub-processors, we perform due diligence, including a security and legal analysis. We do not engage a sub-processor unless our quality, security and the standard of the GDPR are met.

Changes in sub-processors are regulated by the DPA we have in place with you.