iStockist’s Corporate Trust Commitment
iStockist is committed to achieving and maintaining the trust of our customers. Integral to this mission is providing a robust security and privacy program that carefully considers data protection matters across our suite of services, including data submitted by customers to our services (“Customer Data”).
This section describes the architecture of, the security- and privacy-related audits and certifications received for, and the administrative, technical and physical controls applicable to, the services
Architecture and Data Segregation
The Covered Services are operated in a multitenant architecture that is designed to segregate and restrict Customer Data access based on business needs. The architecture provides an effective logical data separation for different customers via customer-specific “Organization IDs” and allows the use of customer and user role-based access privileges.
Additional data segregation is ensured by providing separate environments for different functions, especially for testing and production. The specific infrastructure used to host Customer Data is described in the “Infrastructure and Sub-processors” documentation available here.
The Covered Services are hosted on the infrastructure of a public cloud provider (“Public Cloud Infrastructure”). This infrastructure is described in the “Infrastructure and Sub-processors” documentation. This means the underlying physical infrastructure on which your Customer Data is stored will be with a public cloud provider for what is commonly referred to as Infrastructure as a Service, and the Covered Services will run on top of the public cloud provider.
Certain features of the Covered Services use functionality provided by third parties. Emails are sent using a third-party email service Mailjet. This includes identifiable information such as the first and last name, email address, phone number, and physical business address.
Control of Processing
iStockist has implemented procedures designed to ensure that Customer Data is processed only as instructed by the customer, throughout the entire chain of processing activities by iStockist and its sub-processors. In particular, iStockist and its affiliates have entered into written agreements with their sub-processors containing privacy, data protection and data security obligations that provide a level of protection appropriate to their processing activities.
Compliance with such obligations as well as the technical and organizational data security measures implemented by iStockist and its sub-processors are subject to regular audits.
The “Infrastructure and Sub-processors” documentation describes the sub-processors and certain other entities material to iStockist’s provision of the Covered Services.