Skip to main content

Enveyo Subprocessor Disclosure

1.   Authentication Subprocessor

1.1  Authentication services

Customers may use Google as a third-party authentication services with Enveyo. The information delivered to us is determined by the third-party authentication service. At any time, and in our sole discretion, we may decommission any third-party authentication method we deem to be a security or privacy risk. We are liable to you for any privacy risk to you from our failure to correctly implement an authentication method in accordance with the specifications of the third-party authentication service. We are not liable for any risk or claims arising from your implementation, management, or deployment practices from your selected authentication service. We are not liable to you for misconduct, design failures, or security risks—deliberate or inadvertent—by your selected third-party authentication service.

2.   Our data stores

2.1  The Enveyo database

Enveyo databases stores customer shipping data. The database is encrypted in motion and at rest. This database is hosted by (and thus disclosed to) subprocessor Amazon Web Services (https:// aws.amazon.com/compliance/data-privacy-faq/) (AWS) under obligations of confidentiality and with no right of use of personal data.

Security measures for AWS are available here (https://aws.amazon.com/compliance/programs/)

Privacy statements from AWS are available here (https://aws.amazon.com/compliance/data-privacy/)

2.2  Additional data stores for Enveyo Customers

If you pay us money or receive money from us, your name, address, and contact data may be stored in one or more of these systems we use for payment and accounting purposes:

Intuit (https://www.intuit.com/privacy/protect-your-privacy/) Stripe (https://stripe.com/privacy)

We may store documents received from you in one of these locations.

Google (https://policies.google.com/privacy?hl=en&fg=1) (emails, file shares, information collection and storage, and other secure document sharing)

Atlassian (https://www.atlassian.com/legal/privacy-policy#what-information-we-collect-about-y ou) (details of customer-requested features or bug requests)

Salesforce(https://www.salesforce.com/company/legal/privacy/)

3.   Analytics

We use Google Analytics G4. We have GDPR controls turned on. We anonymize data we send to Google. You can see Google’s privacy policy here – https://policies.google.com/privacy ?hl=en-US (https://policies.google.com/privacy?hl=en-US)