Data Processing Addendum

Last Updated July 27, 2024

This Data Processing Addendum (“Addendum”) is supplementary to, and forms part of Gradcut Service Agreement (the “Agreement”) between Edit on the Spot Pty Ltd trading as Gradcut (ABN 38651049160) of 11/22 Clarke Street, Vaucluse, New South Wales, Australia (as applicable) (“Gradcut”) and the entity or person(s) identified as Customer referencing this Addendum (as applicable) (“Customer”). This Addendum applies where and to the extent that Gradcut is acting as a Processor or service provider (as applicable) of Personal Data on behalf of Customer under the Agreement. In the event of any conflict between this Addendum and the Agreement, this Addendum shall prevail to the extent of such conflict.

 

1. Definitions and Interpretation

In this Addendum, the following terms shall have the following meanings:

“Applicable Privacy Laws” means all worldwide data protection and privacy laws and regulations applicable to the Personal Data in question.

“Australian Privacy Laws” means all laws, regulations, principles, and codes in Australia that govern the collection, use, storage, disclosure, and handling of personal information. This includes, but is not limited to:

Privacy Act 1988 (Cth): The principal piece of Australian legislation regulating the handling of personal information about individuals. It includes:

Australian Privacy Principles (APPs): A set of 13 principles that provide a framework for the collection, use, storage, and disclosure of personal information, as well as principles related to governance, accountability, and rights to access and correction.

Notifiable Data Breaches (NDB) Scheme: Part of the Privacy Act 1988, it requires organisations to notify individuals and the Office of the Australian Information Commissioner (OAIC) about data breaches that are likely to result in serious harm.

Spam Act 2003: Regulates the sending of commercial electronic messages and prohibits the use of address-harvesting software.

State and Territory Legislation: Various laws that operate in different Australian states and territories, which may apply to specific types of personal information or organisations, such as health records or public sector data.

European Privacy Laws” means (i) Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (General Data Protection Regulation) (“GDPR“); (ii) the Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector; (iii) applicable national implementations of (i) and (ii); (iv) Swiss Federal Data Protection Act of 19 June 1992 and its Ordinance; and (v) in respect of the United Kingdom the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) and any applicable national legislation that replaces or converts in domestic law the GDPR including the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (SI 2019/419) (“UK GDPR“) or any other law relating to data and privacy as a consequence of the UK leaving the European Union (in each case, as may be amended, superseded or replaced).

U.S. Privacy Laws” means the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq., including its regulations and the amendments made by the California Privacy Rights Act of 2020 (“CCPA”) and any privacy laws passed by other U.S. states, to the extent applicable to Gradcut’s Processing of Personal Data under the Agreement.

EU SCCs” means the standard contractual clauses for the transfer of personal data to third countries pursuant to GDPR as approved by the European Commission’s Implementing Decision (EU) 2021/914 of 4 June 2021, as completed, amended, superseded or replaced from time to time in accordance with this Addendum and incorporated herein by reference.

“Data Subject” means an identified or identifiable individual whose Personal Data is processed.

Personal Data” means any information relating to an identified or identifiable individual or any other information defined as ‘personal data’ or ‘personal information’ under Applicable Privacy Laws.

Personal Data Breach” means any accidental, unlawful or unauthorised access, acquisition, use, modification, disclosure, loss, destruction of or damage to Personal Data or any other unauthorised Processing of Personal Data.

Process” or “Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, alteration, use, access, disclosure, copying, transfer, storage, deletion, alignment or combination, restriction, adaptation, retrieval, consultation, destruction, disposal, or other use of Personal Data.

“Restricted Transfer” means (i) where the EU GDPR applies, a transfer of Personal Data from the EEA to a country outside the EEA which is not subject to an adequacy determination by the European Commission; (ii) where the UK GDPR applies, a transfer of Personal Data from the UK to any other country which is not based on adequacy regulations pursuant to Section 17A of the UK GDPR; and (iii) where the Swiss Addendum applies, a transfer of Personal Data to a country outside of Switzerland which is not included on the list of adequate jurisdictions published by the Swiss Federal Data Protection and Information Commissioner. 

Services” means the services Gradcut is obligated to provide pursuant to the Agreement.

Subprocessor” means a processor of a Processor.

Transfer” means the access by, transfer or delivery to, or disclosure to a person, entity or system of Personal Data where such person, entity or system is located in a country or jurisdiction other than the country or jurisdiction from which the Personal Data originated.

UK SCCs” means the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (available as of the Last Updated date of this Addendum at https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-data-transfer-agreement-and-guidance/), completed as set forth in this Addendum and  as amended, superseded or replaced from time to time in accordance with this Addendum, and incorporated herein by reference.

The terms “Controller” (which includes “Business” as defined in the CCPA), “Data Subject” (which includes “Consumer” as defined in Privacy Laws), “Processor” (which includes “Service Provider” as defined in the CCPA) are defined as in Privacy Laws.

Any capitalised terms used but not defined in this Addendum shall have the meanings given to them under the Agreement.

2. Processing of Personal Data

Relationship of the parties: Customer is a Controller or Business (as applicable) of the Personal Data described in Annex 1.B (the “Data“) and Gradcut shall process the Data solely as a Processor or Service Provider (as applicable) on behalf of Customer. Gradcut and Customer shall each comply with their respective obligations under Applicable Privacy Laws and further guidance from data protection authorities with respect to such processing. Where the concepts of Controller and Processor are not expressly contemplated by Applicable Privacy Laws, the parties’ obligations in connection with this Addendum shall be interpreted under those Applicable Privacy Laws to align as closely as possible with the scope of those roles while still complying fully with those Applicable Privacy Laws.

Purpose limitation: Gradcut shall process the Data as necessary to perform its obligations under the Agreement and strictly in accordance with the documented instructions of Customer (the “Permitted Purpose“). Gradcut shall not: (i) retain, use, disclose or otherwise process the Data for any purpose other than the Permitted Purpose (including for its own commercial purpose), except where otherwise required by any law applicable to Gradcut; or (ii) “sell” the Data within the meaning of the CCPA, VCAddendum or otherwise. Gradcut shall immediately inform Customer if it becomes aware that Customer’s processing instructions infringe Applicable Privacy Laws but without obligation to actively monitor Customer’s compliance with Applicable Privacy Laws. The parties acknowledge that Customer’s transfer of Data to Gradcut is not a “sale” of Personal Data within the meaning of Applicable Privacy Laws and Gradcut provides no monetary or other valuable consideration to Customer in exchange for the Data.

International transfers: To the extent that Gradcut transfers the Data (or permits the Data to be transferred) to a country other than the country in which the Data was first collected, it shall first take such measures as are necessary to ensure that the transfer is made in compliance with Applicable Privacy Laws. Such measures may include (without limitation) transferring the Data to a recipient that has executed standard contractual clauses adopted by the European Commission, UK Secretary of State or Information Commissioner’s Office or Brazilian Data Protection Authority (as applicable) or transferring the Data to a recipient that has executed a contract with Gradcut that ensures the Data will be protected to the standard required by Applicable Privacy Laws. Gradcut will also protect the Data in a way that overall provides comparable safeguards to the country in which the Data was first collected.

Standard contractual clauses: To the extent that the transfer of Data from Customer to Gradcut involves a Restricted Transfer, the SCCs shall be incorporated by reference and form an integral part of this Addendum with Customer as “data exporter” and Gradcut as “data importer”. For the purposes of the SCCs: (i) the module two (controller to processor) terms shall apply and the module one, three and four terms shall be deleted in their entirety; (ii) in Clause 9, Option 2 shall apply; (iii) in Clause 11, the optional language shall be deleted; (iv) in Clause 17, Option 1 shall apply and the SCCs shall be governed by Irish law; (v) in Clause 18(b), disputes shall be resolved before the courts of Ireland; (vi) the Annexes of the SCCs shall be populated with the information set out in the Annexes to this Addendum; and (vii) if and to the extent the SCCs conflict with any provision of the Agreement (including this Addendum), the SCCs shall prevail to the extent of such conflict.

  1. UK transfers: In relation to Data that is protected by the UK GDPR, the SCCs as incorporated under Section 2.4 shall apply with the following modifications: (i) the SCCs shall be amended as specified by the UK Addendum, which shall be incorporated by reference; (ii) Tables 1 to 3 in Part 1 of the UK Addendum shall be deemed completed using the information contained in the Annexes of this Addendum; (iii) Table 4 in Part 1 of the UK Addendum shall be deemed completed by selecting “importer”; and (iv) any conflict between the SCCs and the UK Addendum shall be resolved in accordance with Section 10 and Section 11 of the UK Addendum.

b.Swiss transfers: In relation to Data that is protected by the Swiss Addendum, the SCCs as incorporated under Section 2.4 shall apply with the following modifications: (i) references to “Regulation (EU) 2016/679” shall be interpreted as references the Swiss Addendum; (ii) references to “EU,” “Union,” and “Member State” shall be replaced with “Switzerland”; (iv) references to the “competent supervisory authority” and “competent courts” shall be interpreted as references to the “Swiss Federal Data Protection and Information Commissioner” and the “competent Swiss courts”; and (v) the SCCs shall be governed by the laws of Switzerland and disputes shall be resolved before the competent Swiss courts.

 

Confidentiality of processing: Gradcut shall ensure that any person that it authorises to process the Data (including Gradcut’s staff, agents and subcontractors) (an “Authorised Person“) shall be subject to a strict duty of confidentiality (whether a contractual duty or a statutory duty). Gradcut shall ensure that all Authorised Persons process the Data only as necessary for the Permitted Purpose.

 

Security: Gradcut shall implement appropriate technical and organisational measures to protect the Data from the accidental or unlawful destruction, loss, alteration, or unauthorised disclosure of, access to the Data (a “Security Incident“).

 

Subprocessing: Customer authorises Gradcut to engage third-party Processors (“Subprocessors“) to process the Data for the Permitted Purpose provided that:

 

  1. a) Gradcut provides reasonable prior notice at least 14 days before the proposed addition or replacement of any Subprocessor by posting details at the url ​​https://www.gradcut.com/legal/data-processing-addendum in order to allow Customer to raise any reasonable objections on grounds of data protection;
  2. b) Gradcut imposes data protection terms on any Subprocessor it engages that ensure substantially the same standard of protection provided under this Addendum and Gradcut remains fully liable for any breach of this Addendum caused by an act, error or omission of its Subprocessors.

Gradcut’s current Subprocessors are identified at the url ​​https://www.gradcut.com/legal/data-processing-addendum 

For the purposes of Clause 9(c) of the SCCs, Customer acknowledges that Gradcut may be restricted from disclosing Subprocessor agreements to Customer due to confidentiality obligations. Where Gradcut cannot disclose a Subprocessor agreement to Customer, Customer shall provide all information (on a confidential basis) it reasonably can in connection with such agreement.

 

Cooperation and Data Subjects’ rights: Gradcut shall provide all reasonable and timely assistance to Customer to enable Customer to respond to: (i) any request from a Data Subject to exercise any of its rights under Applicable Privacy Laws (including its rights of access, correction, objection, erasure and data portability, as applicable); and (ii) any other correspondence, enquiry or complaint received from a Data Subject, regulator or other third party in connection with Gradcut’s processing of the Data. In the event that any such request, correspondence, enquiry or complaint is made directly to Gradcut, Gradcut shall promptly inform Customer providing full details of the same.

 

Data Protection Impact Assessment: Gradcut shall provide Customer with all such reasonable and timely assistance as Customer may require in order to comply with its obligation under Applicable Privacy Laws to conduct data protection impact assessments and, if necessary, to consult with its relevant data protection authority.

 

Security Incidents: Upon becoming aware of a Security Incident, Gradcut shall inform Customer without undue delay and shall provide all such timely information and cooperation as Customer may reasonably require in order for Customer to fulfil its data breach reporting obligations under (and in accordance with the timescales required by) Applicable Privacy Laws. Gradcut shall further take all such measures and actions as are reasonably necessary to remedy or mitigate the effects of the Security Incident and keep Customer informed of all material developments in connection with the Security Incident. Customer will not communicate or publish any notice or admission of liability concerning any Security Incident which directly or indirectly identifies Gradcut (including in any legal proceeding or in any notification to regulatory authorities or affected Data Subjects) without Gradcut’s prior approval, unless Customer is compelled to do so under applicable law. In any event, Customer shall provide Gradcut with reasonable prior written notice of any such communication or publication.

 

Deletion or Return of Data: Upon termination or expiry of the Agreement, Gradcut shall (at Customer’s election) destroy or return to Customer all Data (including all copies of the Data) in its possession or control. This requirement shall not apply to the extent that Gradcut is required by any law to retain some or all of the Data, in which event Gradcut shall isolate and protect the Data from any further processing except to the extent required by such law until deletion is possible.

 

Audit Rights. Unless otherwise required by Applicable Law, Gradcut will allow for and contribute to audits, including inspections, conducted by Customer or another auditor mandated by Customer of its operations and systems, as follows:

  1. If the requested audit scope is addressed in an ISO or similar audit report issued by a third party auditor within the prior twelve (12) months and Gradcut provides such report to Customer confirming there are no known material changes in the controls audited, Customer agrees to accept the findings presented in the third party audit report in lieu of requesting an audit of the same controls covered by the report.
  2. In the event an audit report is not provided, any audit, whether by Customer or a third party, must be limited to no more than once per twelve (12) month period, and Customer will (i) conduct the audit only on an agreed date during normal business hours (9:00 am – 5:00 pm local time); (ii) limit its audit to only one business day; and (iii) pay Gradcut’s then-current audit fee.
  3. If a third party is to conduct the audit, Customer will provide at least thirty (30) days’ advance notice. The third-party auditor must be reasonably agreed to by the parties (without prejudice to any governmental authority’s audit power). Gradcut will not unreasonably withhold its consent to a third-party auditor requested by Customer, unless such third-party auditor is a competitor or another customer of Gradcut’s. Any third-party auditor must execute a written confidentiality agreement acceptable to Gradcut.
  4. Customer must promptly provide Gradcut with the results of any audit, including any third-party audit report. All such results and reports, and any other information obtained during the audit (other than Customer’s Personal Data) are confidential information of Gradcut. Customer may use the audit reports only for the purposes of meeting Customer’s regulatory audit requirements and/or confirming compliance with the terms of this Addendum.
  5. Nothing herein will require Gradcut to disclose or make available: (i) any data of any other customer of Gradcut; (ii) Gradcut’s internal accounting or financial information; (iii) any trade secret of Gradcut; (iv) any information that, in Gradcut’s reasonable opinion, could (1) compromise the security of Gradcut systems or premises; or (2) cause Gradcut to breach its obligations under Applicable Law or its security and/or privacy obligations to Customer or any third party; or (v) any information sought for any reason other than the good faith fulfilment of Customer’s obligations under the SCCs or Privacy Laws.  

 

Modifications. If Privacy Laws require modifications to this Addendum, Customer and Gradcut agree to negotiate such changes in good faith as necessary to comply with Privacy Laws.

ANNEXES

ANNEX I

  1. LIST OF PARTIES

Data exporter(s): 

  1. Name: The Customer who is a party to the Agreement.

Address: As set out in the Agreement

Contact person’s name, position and contact details: As set out in the Agreement.

Activities relevant to the data transferred under these Clauses:  Data importer will process the data in order to provide the Services pursuant to the Agreement.

Role: Controller

Data importer(s):

  1. Name: Edit on the Spot Pty Ltd trading as Gradcut

Address:

Contact person’s name, position and contact details: Product Owner, support@Gradcut.com

Activities relevant to the data transferred under these Clauses: Data importer will process the data in order to provide the Services pursuant to the Agreement.

Role: Processor 

  1.   DESCRIPTION OF TRANSFER

The categories of data subjects whose personal data is transferred:

The categories of Data Subjects about whom Gradcut processes Personal Data are determined and controlled by Customer, in its sole discretion, which may include, but are not limited to, the following. Each category includes current, past and prospective members of the category. Where any of the following is a business or organisation, it includes their staff.

  • employees including volunteers, agents, temporary and casual workers
  • customers and clients (including their employees, volunteers, agents, temporary and casual workers)
  • suppliers (including their employees, volunteers, agents, temporary and casual workers)
  • social media members or supporters
  • shareholders
  • relatives, guardians and associates of the data subject
  • complainants, correspondents and enquirers
  • experts and witnesses
  • advisers, consultants and other professional experts
  • students, pupils, and university staff and officials

Categories of personal data transferred:

Customer may submit Personal Data in audio-video files to the Services. Customer controls the types of Personal Data submitted, which may include, but is not limited to Personal Data relating to the following categories of data: 

  • Personal details, including any information that identifies the data subject and their personal characteristics.
  • Family, lifestyle and social circumstances.
  • Education and training details.
  • Employment details.
  • Goods or services provided and related information, including details of the goods or services supplied, licences issued, and contracts. 

Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures:

None

The frequency of the transfer (e.g., whether the data is transferred on a one-off or continuous basis):

Ad-hoc or regular transfers for the duration of the Agreement.

Nature of the Processing:

The Personal Data Processed shall be subject to the following basic Processing activities:

  • Receiving audio and video files and other data, including, collection, accessing, retrieval, recording, and data entry
  • Holding data, including storage, organisation and structuring
  • Using data, including analysing, consultation, testing, automated decision making and profiling 
  • Updating data, including correcting, adaptation, alteration, alignment and combination
  • Protecting data, including restricting, encrypting, and security testing
  • Sharing data, including disclosure, dissemination, allowing access or otherwise making available 
  • Returning data to the data exporter or data subject
  • Erasing data, including destruction and deletion

Purpose(s) of the data transfer and further processing:

To provide the Services pursuant to the Agreement.

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period:

For the duration of the Agreement and for such time thereafter as is required for Gradcut to return and/or delete the Personal Data in accordance with the Agreement, except where otherwise required by Applicable Law.

For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing:

Subprocessors described in Schedule 3 to the Addendum. Ancillary service providers supporting the Data Importer in its provision of the Services.

Third countries or international organisations to which the personal data will be transferred, if applicable:  

Transfer to and from the U.S. from the originating jurisdiction of the data exporter.

  1. COMPETENT SUPERVISORY AUTHORITY

To the extent legally permissible, the Competent Supervisory Authority shall be the Irish Data Protection Commission.

ANNEX II

TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA

Gradcut has implemented and shall maintain commercially reasonable and appropriate technical and organisational measures to protect Personal Data against accidental loss, destruction or alteration, unauthorised disclosure or access, or unlawful destruction, including the policies, and procedures and internal controls set forth in this Annex II.

More specifically, to the extent that Customer provides to Gradcut or Gradcut otherwise accesses Customer’s Personal Data in connection with the Addendum, Gradcut shall implement an Information Security Program that includes administrative, technical and physical safeguards to ensure the confidentiality, integrity and availability of Personal Data, protect against any reasonably anticipated threats or hazards to the confidentiality, integrity and availability of Personal Data, and protect against unauthorised access, use, disclosure, alteration or destruction of Personal Data. In particular, Gradcut’s Information Security Program shall include, but not be limited to the following safeguards where appropriate or necessary to ensure the protection of Personal Data:

  1. Measures of pseudonymisation and encryption of personal data

Gradcut encrypts Data transmitted between customers and the Gradcut application over public networks using TLS 1.2 or higher. Customer Data stored on Gradcut’s servers is encrypted using AES 256 or stronger.

  1. Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services

Gradcut has personnel responsible for oversight of security and privacy. It has appointed Heads of Security, Privacy and Data, together with an Information Security Committee that meets quarterly to discuss privacy and security risks managed in its risk registers.

  1. Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident

In order to support availability of the service, Gradcut utilises Akamai/Linode and Amazon Web Services (AWS) auto-scaling, AWS availability zones, extensive application and infrastructure monitoring, and 24×7 application support rosters.

Gradcut maintains backups of the data stores, including Customer Data, that support the core functionalities of the Gradcut application. Backups are stored in a location geographically-separated from the primary data storage location.

Gradcut maintains a security incident response capability that includes a documented Personal Data Incident Response Plan for security incidents involving Data. This defines how we contain, respond, assess, communicate incidents, as well as roles and responsibilities of Gradcut personnel and a requirement for post-incident reviews.

  1. Processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures in order to ensure the security of the processing

Gradcut engages a specialist third-party security tester to perform an annual penetration test of its application and infrastructure. Gradcut also employs a third-party application vulnerability scanning service and runs a public bug bounty program.

  1. Measures for user identification and authorisation

Where a Customer’s account contains a password for authentication, Gradcut stores the password salted and hashed using an industry-standard password hashing function. Gradcut supports Single Sign On (SSO) integration with a customer identity provider using OAuth.

  1. Measures for the protection of data during transmission

As per item 1, Gradcut encrypts Data transmitted over public networks between customers and the Gradcut application using TLS 1.2 or higher.

  1. Measures for the protection of data during storage

As per item 1, Customer Data stored on Gradcut’s servers is encrypted using AES 256 or stronger.

  1. Measures for ensuring physical security of locations at which personal data are processed

The service is hosted and Data is stored within data centres provided by Amazon Web Services (AWS) and Akamai/Linode. As such, Gradcut relies on the physical, environmental and infrastructure controls of AWS/Akamai/Linode. Gradcut periodically reviews certifications and third-party attestations provided by them relating to the effectiveness of its data centre controls.

  1. Measures for ensuring events logging

Gradcut maintains application and infrastructure security audit logs. Audit logs are analysed to detect anomalous activity.

  1. Measures for internal IT and IT security governance and management

Gradcut staff access to Customer Data is role-based and follows the principle of least privilege. Staff are only provided with sufficient access to Customer Data to be able to discharge their responsibilities effectively. Remote network access to Gradcut systems requires encrypted communication via secured protocols and use of multi-factor authentication. Gradcut has established and will maintain procedures for password management for its personnel, designed to ensure passwords are personal to each individual, and inaccessible to unauthorised persons, including at minimum:

– cryptographically protecting passwords when stored in computer systems or in transit over the network;

– altering default passwords from vendors; and

– education on good password practices.

Staff access to production infrastructure requires multi-factor authentication (MFA).

Gradcut staff are subject to confidentiality obligations and a Personal Data Handling Policy. Gradcut requires its staff to undergo information security awareness training, both at the commencement of their employment and then annually thereafter. 

  1. Measures for ensuring data minimisation

Gradcut allows visitors to use certain functionalities of its platform anonymously and minimises the Data it requires from Customers to only what is necessary to provide the service requested.

  1. Measures for ensuring limited data retention

Gradcut maintains a Data Retention Policy setting out the retention periods for various types of data based on legal requirements, justified interests of Gradcut and the purposes of collection.

  1. Measures for allowing data portability and ensuring erasure

Gradcut has an automated process for deleting Customer Data within 30 days and archives the clips and other customer assets while being de-identified.

ANNEX III

LIST OF SUB-PROCESSORS

Customer has authorised the use of the following Subprocessors:

  1. Gradcut’s employees and individual contractors and agents may have access to Personal Data in order to provide the Services.
  2. Additional Subprocessors:

Vendor / Service

Purpose

Location

Website

Amazon AWS

Cloud Infrastructure

USA

https://aws.amazon.com

Linode

Cloud Infrastructure

USA

https://www.linode.com

Stripe

Secure customer payments

Netherlands

https://stripe.com

Sendgrid

Email sending service

USA

https://sendgrid.com/

LiveChat

Cloud-based Chat Services

Poland

https://www.livechat.com/

Slack

Internal and customer communication.

USA

https://slack.com 

Softvelum

Video Streaming

USA

https://softvelum.com/

Logz.io

Event monitoring, bug tracking and related analytics.

USA

https://logz.io/

Shopping Basket