7Sigma Sub-Processor Policy

As of August 2025

​

7Sigma uses certain sub-processors and content delivery networks to assist in providing Software and Services to customers. 

​

Sub-processor Definition

A sub-processor is a third-party data processor engaged by 7Sigma, including providers, vendors, contractors, and subcontractors, who have or potentially will have access to or process Data (which may contain Personal Data). 7Sigma engages different types of sub-processors to perform various functions.

​

Due Diligence

7Sigma undertakes to use a commercially reasonable selection process to evaluate the security, privacy, and confidentiality practices of proposed sub-processors that may have access to or otherwise process Data.

​

Contractual Safeguards

7Sigma requests its sub-processors to satisfy equivalent obligations as those required from 7Sigma (as a Data Processor) as set forth in 7Sigma’s Data Privacy Policy, including but not limited to the requirements to:

• In connection with their sub-processing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, pursuant to applicable data protection laws;

• Follow best practices with security and data protection; 

• Implement and maintain appropriate technical and organizational measures including measures consistent with those to which 7Sigma is contractually committed to adhere to. 

• Promptly inform 7Sigma about any actual or potential security breach; and

• Cooperate with 7Sigma in order to deal with requests from data controllers, data subjects or data protection authorities, as applicable.

​

This policy does not give Customers any additional rights or remedies and should not be construed as a binding agreement. The information herein is only provided, if required or upon request, to illustrate 7Sigma’s engagement process for sub-processors as well as to provide the actual list of third party sub-processors used by 7Sigma as of the date of this policy (which 7Sigma may use in the delivery and support of its Services).

 

Where feasible, 7Sigma requires sub-processors to provide evidence of third-party security certifications, audit reports, or equivalent documentation demonstrating their adherence to industry-standard security practices.

​

This policy and all sub-processing activities are designed to comply with applicable data protection laws, including but not limited to the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the UK Data Protection Act 2018, and the California Consumer Privacy Act (CCPA).

​

7Sigma Sub-processors

 

Below is a list (as of the date of this policy) of the names and locations of 7Sigma sub-processors.

​

Infrastructure Sub-processors – Service Data Storage and Processing

7Sigma owns or controls access to the infrastructure that 7Sigma uses to host and process Data, other than as set forth herein. Currently, the 7Sigma production systems are used for hosting Data in the infrastructure sub-processors listed below. 

​

Customer accounts are typically established in a region based on where the customer is located, but may be shifted among locations to ensure performance and availability of 7Sigma’s Software and Services. 

 

7Sigma ensures that sub-processors only have access to the minimum necessary data required to fulfill their function and that access is granted based on the principle of least privilege.

 

The following table describes the countries and legal entities engaged by 7Sigma in the storage of Data. 7Sigma also uses additional services provided by these sub-processors to process Data as needed to provide the Services.

​

​

​

​

​

​

 

 

 

 

Review and Reassessment of Sub-processors

7Sigma conducts regular (at least annual) assessments of all sub-processors to ensure continued compliance with 7Sigma’s security and privacy obligations, including vulnerability assessments and audits as appropriate.

 

Notification of Changes 

7Sigma does not provide proactive notifications of changes to its list of sub-processors. However, 7Sigma maintains a current list of sub-processors, which is made available to customers through a designated online resource. Customers are encouraged to review this list periodically to stay informed of any updates.

 

Content Delivery Networks

As explained above, 7Sigma’s Services may use content delivery networks (“CDNs”) to provide the Software and Services, for security purposes, and to optimize content delivery. CDNs do not have access to Data but are commonly used systems of distributed services that deliver content based on the geographic location of the individual accessing the content and the origin of the content provider.