Information Security
      Back to home
      1. Help Center
      2. Legal & Privacy
      3. Information Security

      List of Subprocessors

      At magicplan, we prioritize the protection and privacy of our users' data. In order to provide our services effectively, we engage with trusted third-party subprocessors who assist us in various aspects of our operations.

      Company

      Location

      Description of Services

      enapt GmbH

      Germany


      Product Development, Marketing, and Customer Support Services.

      Technologies Sensopia Inc. and its affiliated company, enapt GmbH, Goethetr. 25A, 80336 Munich, Germany, are jointly responsible. In this respect, the companies have defined in an agreement which of them fulfils which data protection obligation. The essential content of this joint controllership agreement is available to you on request.

      Copy of Joint Controllership Agreement on request via support@magicplan.app.

      IT Reimers GmbH

      Germany

      Server administrators. Responsible for operations, monitoring, backups and recovery verification.

      Amazon AWS

      United States of America


      Data is hosted in the United States in Amazon Webservices data centers. Data is encrypted in-transfer, not at-rest. AWS data centers and network architecture meet the requirements of the most security-sensitive organizations. AWS CustomerAgreement: https://aws.amazon.com/agreement/ 

      AWS has certificates issued in relation to the ISO 27001 certification, the ISO 27017 certification, and the ISO 27018 certification. AWS has implemented and will maintain robust technical and organizational measures for the AWS network. More on AWS Cloud Security:
      https://aws.amazon.com/security/

      AWS will notify its customers of a security incident without undue delay after becoming aware of the security incident.

      The AWS GDPR Data Processing Addendum has been contracted:  https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf

      AWS will process customer data only in accordance with customer instructions. The Supplementary Addendum on Customer Data Requests has been contracted: https://d1.awsstatic.com/Supplementary_Addendum_to_the_AWS_GDPR_DPA.pdf 

      More on AWS GDPR Compliance: https://aws.amazon.com/compliance/gdpr-center/

      Google LLC

      Products: Firebase, BigQuery

      United States of America

      Analyze overall usage, categorize user groups, and optimize our products. Google Firebase processes data anonymously.

      Google uses servers located in the EU for these services wherever possible. However, it cannot be ruled out that data may also be transferred to the USA. If you want to know more about Google Firebase and Big Query data protection, click here:
      https://firebase.google.com/support/privacy/
      https://cloud.google.com/bigquery/docs/data-governance

      HubSpot Inc.

      United States of America

      HubSpot CRM: User Name, Email Address, Usage data (magicplan App), Support Conversations, Website Cookies (e.g. IP address, geographical location, type of browser, duration of the visit and pages accessed)

      If you interact with our website (e.g. registration or newsletter subscription) we can record the personal information you provide us (e.g. your name and email address). If you generally do not want this information to be collected by HubSpot, you can prevent the storing of cookies at any time by adjusting your browser settings. Please refer to HubSpot Inc's privacy policy at https://legal.hubspot.com/privacy-policy

      The legal basis for the associated data processing is Art. 6 (1) f) GDPR, i.e. the processing is necessary to fulfil our legitimate interest in constantly improving the content, functionality and attractiveness of the cloud on the basis of an analysis of your usage behavior. Data Processing Agreement: https://legal.hubspot.com/dpa

      Mailjet SAS

      France

      When providing emails to customers and prospective customers, either as a result of customers signing up for an account and entering into an agreement with Technologies Sensopia Inc., we use the external service provider Mailjet, based on a data processing agreement. The email processing service of Mailjet enables us to analyze the reactions of email recipients, e.g. how many recipients open emails and how often links in emails are clicked. By conversion tracking, we can also determine if pre-defined actions follow the clicking of links. More information about the handling of user data by Mailjet can be found in their privacy policy:https://www.mailjet.com/security-privacy/

      You may object to this processing of data by unsubscribing from the respective email service at any time. The easiest way to do so is to click on the “Unsubscribe” link which can be found at the end of every email.

      The legal basis for this processing of data is either Art. 6 para. 1 b) DSGVO or a) DSGVO in conjunction with your consent and Art. 6 para. 1 f) (balancing of interests – based on our interests to understand how relevant our emails are for recipients in order to make them as interesting as possible).