To more fully comply with the requirements of GDPR and worldwide information security and privacy regulations, RapidRatings has decided to provide full transparency into our vendors and sub-processors under GDPR.
Currently, all RapidRatings vendors house data in the United States of America.
Core Service Providers
RapidRatings services requires the use of the following underlying core service providers to fulfil our service to our clients and FHRX Members.
Vendor | Feature/Function | PII Description | Data location | Vendor requires access to data | Vendor may request access to data |
AWS | IaaS, PaaS | No PII | USA | N | N |
Zendesk | Client Service desk | Client contact details: name and email | USA | N | Y |
Office 365 | Email, Intranet, document repository, collaboration | Client or supplier email from direct correspondence | USA | N | N |
AlphaStream | Data entry automation | Financial records processing | USA | Y | Y |
Salesforce | Sales, leads, opportunities | Client contact details: name, email, phone number | USA | N | Y |
Churn Zero | Client Engagement management | Client end user contact details: name, email | USA | N | N |
Gong.io | Client engagement management | Call recording, client email | USA | N | N |
Linked Squares | Client Contract Management | Contract PII | USA | N | N |
Technical Providers
The following services are used for various technical service management functions. The services below are managed in-house but reside on external vendors platforms.
Vendor | Feature/Function | PII Description* | Data location | Vendor requires access to data | Vendor may request access to data |
AI Type |
Alert Logic | Security services, IDS, logging | Log data | USA | Y | Y | ML |
DataDog | Application and system logging | Log data | USA | N | N | ML |
Mailgun | Outbound Email infrastructure | Log data | USA | N | Y | None |
SentryIO | Application Event Management | Log data | USA | N | Y | None |
Stripe | Payment Processor | No PII | USA | N | Y | None |
heap.io | Usage analytics | No PII | USA | N | Y | None |
Note that log data may contain PII such as user ID or email.
Use of Artificial Intelligence
While RapidRatings does not explicitly choose vendors for their artificial intelligence capability, vendors may employ artificial intelligence technology (designated by “ML” meaning machine learning or “Gen” meaning generative AI) in the fulfillment of the service to RapidRatings. Our Artificial Intelligence Usage Policy requires that generative AI is not used for the fulfillment of the service by Technical Providers, but may be used in a supporting role by Core Service Providers, such as for client management or documentation. Machine learning technology is permitted in all tools, including Core Service Providers and Technical Providers required for the fulfillment of the service. In the event that generative AI is used, responsibility for the quality and accuracy of content created rests with the user, not with the AI.
Updates to the Vendor and Sub-Processor List
All vendors are assessed in detail at the onset of an engagement to ensure that they meet the high standards of information security, privacy, and compliance to industry, legal, and regulatory frameworks.
RapidRatings periodically assesses whether each vendor is the best fit for RapidRatings, as well as our clients and FHRX Member’s needs. If a change needs to be made, RapidRatings will post the updated Vendor and Sub-Processor list periodically.