Overview
This page provides an informational overview of the categories of third-party Subprocessors that Blue Arctic, LLC ("Blue Arctic") may engage in connection with providing its Services. This overview is provided for transparency and is supplementary to the Data Processing Addendum ("DPA"). Blue Arctic may update its Subprocessors from time to time as necessary to operate, maintain, secure, support, or improve the Services.
All Subprocessors are subject to appropriate data protection obligations, including written agreements imposing confidentiality requirements and data protection standards no less protective than those set forth in the DPA. Where required by applicable Data Protection Laws, Blue Arctic ensures that appropriate transfer mechanisms (such as Standard Contractual Clauses) are in place for Subprocessors located outside the European Economic Area, United Kingdom, or Switzerland.
Infrastructure Providers
Blue Arctic owns and operates its primary hosting infrastructure, including hardware and network equipment in Tampa, FL, USA. Blue Arctic may engage upstream network providers (transit and peering) to carry encrypted network traffic between Blue Arctic's infrastructure and the public internet. These providers transport data in encrypted form and do not have access to decrypted client data.
Backup and Storage Providers
Blue Arctic may engage third-party providers for encrypted off-site backup storage to support disaster recovery and business continuity. Backup data is encrypted in transit and at rest, and providers do not have access to decryption keys.
Security and Monitoring Providers
Blue Arctic may engage providers in the following areas to support its monitoring, security, and operational capabilities:
- Infrastructure monitoring — server and network monitoring, alerting, and performance analytics. May process infrastructure telemetry data, including IP addresses and server identifiers.
- DDoS mitigation — distributed denial-of-service protection and traffic filtering. May process network traffic metadata, including source IP addresses and request headers, for the purpose of identifying and blocking malicious traffic.
- Security and threat intelligence — threat detection, vulnerability scanning, and security advisory services. May process system logs and network telemetry for security analysis.
Communication and Support Providers
Blue Arctic may engage providers in the following areas to support communications with clients:
- Transactional email — delivery of account notifications, service alerts, support correspondence, and other transactional emails. May process recipient email addresses, message content, and delivery metadata.
- Support ticketing — management of client support requests and communications. May process client contact information, support ticket content, and interaction history.
Payment Processors
Blue Arctic may engage PCI DSS-compliant payment gateway providers to process credit card transactions and payment data. Blue Arctic does not store full credit card numbers on its servers; payment data is tokenized and processed by the payment gateway.
Development and Support Providers
Blue Arctic may engage independent contractors and development providers to assist with infrastructure management, software development, and technical support operations. All such providers are subject to confidentiality agreements and data protection obligations consistent with the DPA.
Updates
Blue Arctic may update this page and its Subprocessors from time to time as necessary to operate, maintain, secure, support, or improve the Services. Where appropriate, material changes may be communicated in accordance with applicable agreements.
Clients with an active Data Processing Addendum may raise a documented objection to a Subprocessor on data protection grounds in accordance with the objection procedure described in Section 6 of the DPA.
For questions about Subprocessors, contact privacy@bluearctic.com.