The follow list represents the sub-processors associated with Acuity PPM software delivery.
Amazon Web Services (AWS)
- Purpose: Hosting infrastructure and data storage
- Data Processed: Customer data, application logs, backups
- Data Location: USA (primary in Virginia) or EMEA (on request)
- Certifications/Controls: ISO 27001, SOC 2, PCI DSS, FedRAMP
Auth0 (a product of Okta)
- Purpose: User authentication and identity management
- Data Processed: User email addresses, login credentials, authentication metadata
- Data Location: USA
- Certifications/Controls: ISO 27001, ISO 27018, SOC 2, GDPR-compliant
Mailgun
- Purpose: Transactional email delivery (e.g., password resets, alerts)
- Data Processed: User email addresses and notification message content
- Data Location: USA or EU (based on configuration)
- Certifications/Controls: SOC 2, GDPR-compliant DPA
Netlify
- Purpose: Static site hosting for the public marketing website
- Data Processed: Public website content only (no personal data)
- Data Location: USA
- Certifications/Controls: SOC 2, ISO 27001
Hasura
- Purpose: GraphQL API layer for querying application data
- Data Processed: Application metadata, user actions, project data
- Data Location: USA
- Certifications/Controls: TLS encryption, SOC 2, role-based access
Google Workspace
- Purpose: Internal communication, file storage, and productivity tools
- Data Processed: Internal employee data and operational communications
- Data Location: USA
- Certifications/Controls: ISO 27001, SOC 2, GDPR-compliant DPA
GitHub (Microsoft)
- Purpose: Source code management and version control
- Data Processed: Application source code, commit metadata
- Data Location: USA
- Certifications/Controls: SOC 2, ISO 27001, FedRAMP
