Annex 4 to DPA
Third party subcontractors
<p> </p>
<p>The following list contains all of the subcontractors that WeVideo uses which collects user data.</p>
<p>At minimum, policies/DPAs with our subcontractors must be reviewed annually to ensure they continue to meet our privacy requirements.</p>
<p> </p> Name
Purpose
Collected Data Contains Student Data? Amazon Web Services <p>Infrastructure and functionality for WeVideo.
App server, file storage, database, delivery and more.
</p>
<p>Name, email address, device metadata (ip address), user generated content </p>
<p>Yes </p> Hubspot <p>CRM &.
Email campaigns (including incident response) </p>
<p>Name, email address, marketing related usage tracking.
</p>
<p>No, students are opted out.
</p> Mixpanel <p>Analytics </p>
<p>Email address (if not student), user activity within application (features used, etc) </p>
<p>No, anonymized data.
</p> Zendesk <p>Customer Support </p>
<p>Email address, and anything the user opts into </p>
<p>No, unless student opts in.
</p> Google Analytics <p>Analytics </p>
<p>Device metadata (ip address) </p>
<p>No </p> Google Tag Manager (facebook, bing, linkedin, pinterest, twitter, yandex, disqus, addthis, doubleclick.net) <p>Managing cookies </p>
<p>Device metadata (ip address) </p>
<p>No </p> Fullstory <p>Analytics </p>
<p>User session activity </p>
<p>No </p> PayPal <p>Handling self service (non purchase order) subscriptions.
</p>
<p>PCI compliant data for processing payment and managing subscription (email address, payment info) </p>
<p>No (unless user signs up for non EDU personal plan) </p> Stripe <p>Handling self service (non purchase order) subscriptions.
Credit card payments for POs.
</p>
<p>PCI compliant data for processing payment and managing subscription (email address, payment info) </p>
<p>No (unless user signs up for non EDU personal plan) </p> Baremetrics <p>Payment analysis, expired card notification </p>
<p>Email address </p>
<p>No (unless user signs up for non EDU personal plan) </p> Salesforce <p>CRM software </p>
<p>Information on leads, quotes </p>
<p>No </p> TrackJS <p>Error tracking </p>
<p>Error logs (anonymized) </p>
<p>No </p> sentry.io <p>Error tracking </p>
<p>Error logs (anonymized) </p>
<p>No </p> Google Play Store <p>Handling self service (non purchase order) Android subscriptions.
</p>
<p>PCI compliant data for processing payment and managing subscription (email address, payment info)</p>
<p>No (unless user signs up for non EDU personal plan) </p> Apple App store <p>Handling self service (non purchase order) iOS subscriptions.
</p>
<p>PCI compliant data for processing payment and managing subscription </p>
<p>No (unless user signs up for non EDU personal plan) </p> Storyblocks <p>Stock media library </p>
<p>Media usage </p>
<p>No </p> Impact <p>Affiliate program </p>  .
<p>No </p>
<p> </p>
<p> </p>
<p>Non user facing (user will never be subject to this via any cookie, visit or app etc, but could contain data for example if it was breached) </p>
<p> </p> Name <p>Purpose </p>
<p>Collected Data </p>
<p>Google Workplace (Alphabet) </p>
<p>Enterprise solution (email, etc) </p>
<p>Potentially PII is stored here from email communication or perhaps forms/documents in Drive </p>
<p>Atlassian </p>
<p>Development and issue tracker </p>
<p>Generally userid’s are used here instead of PII, but there are cases where it is relevant and could be exposed in a breach.
</p>
<p>Slack </p>
<p>Company communication </p>
<p>Potentially PII is stored here from chat communication.
</p>
<p>Github </p>
<p>Code hosting platform for version control and collaboration </p>
<p>Very unlikely there is any PII here but it’s good to mention.
</p>
<p>Tableu </p>
<p>Data visualization and data analytics tool </p>
<p>BI </p>
<p>Intacct </p>
<p>Accounting software </p>
<p>Invoice information, accounts receivable/payable contact (email address) </p>
<p>Groove </p>
<p>Salesforce email add on that holds customer and lead information </p>
<p>PII like names, emails etc </p>
<p> </p>
<p>Change Notification Request</p>
<p> </p>