Hut 42 Services Ltd and its affiliates engage third-party subprocessors and Hut 42 Services Ltd affiliates to help us provide services to our customers. A subprocessor is a third-party processor engaged by Hut 42 Services Ltd or in some cases, an Hut 42 Services Ltd affiliate, who receives data from Hut 42 Services Ltd and processes personal data on behalf of our customers.
As a condition of permitting a subprocessor to process personal data, Hut 42 Services Ltd (and its affiliates as applicable) will enter into a written agreement with each subprocessor containing data protection obligations at least as protective as the technical and organizational measures Hut 42 Services Ltd has put into place to protect customer personal data from accidental or unlawful destruction, loss, alteration, or unauthorized disclosure or access.
Our chosen sub processors are ISO 27001 accredited, we subscribe to updates to their sub-processor list and review changes accordingly.
Please subscribe below to receive notifications of subprocessor changes.
Amazon Web Services, Inc.
The data is stored in AWS RDS and AWS S3 in Region EU West 2 (London). You can find out more about the security principles in place by visiting the link below.
https://aws.amazon.com/compliance/gdpr-center/
The data is stored (at rest) on Heroku, below are the technical details:
All production plans (Standard, Premium, Private and Shield) are encrypted at rest with AES-256, block-level storage encryption. Keys are managed by Amazon, and individual volume keys are stable for the lifetime of the volume.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
Case files are stored in AWS S3 and are only accessible through the use of a specific Identity and Access Management (IAM) policy which is used by the application and is not exposed to users of the platform.
As a managed service, Amazon S3 is protected by the AWS global network security procedures that are described in the Amazon Web Services: Overview of Security Processes.
https://d1.awsstatic.com/whitepapers/aws-security-whitepaper.pdf
The Supplier will treat all personal data in accordance with the requirements of the Information Commissioner’s Office.
Terms of Service
https://aws.amazon.com/service-terms/
Subprocessors
https://aws.amazon.com/compliance/sub-processors/
Heroku (Salesforce)
In transit (including during user login) we https encrypt, SHA-256.
https://www.heroku.com/policy/security
Both the intermediate and end-entity certificates (where the signatures matter) use SHA-256.
Terms of Service
https://www.salesforce.com/company/legal/sfdc-website-terms-of-service/
Subprocessors
https://www.salesforce.com/company/legal/trust-and-compliance-documentation/