• Resolved Ambyomoron

    (@josiah-s-carberry)


    The DPA that Defiant is asking us to sign lists 5 subprocessors – third parties that may have access to our visitors’ personal data. Among them, Amazon and ByteGrid are presumably acting as hosting services, which sounds perfectly normal and the DPA describes clearly the relationship.
    Twilio provides communication services, but no mention is made of to whom. It is not clear why our visitors’ personal data should ever go through Twilio.
    Freshworks provides service management services. Once again, I cannot imagine why our visitors’ personal data should ever appear on a ticket hosted by Freshworks.
    But Mode Analytics is extremely troubling. The whole purpose of the company is to host AND TO SHARE data. Now, I understand perfectly why Defiant might want to use such a service. But it is not at all clear whether any personal data is placed on that platform, or only aggregate data that CANNOT be traced to individuals. And if personal data is placed on that platform, how in the world can Mode Analytics guarantee its confidentiality if the whole purpose of the service is to share the data with others?
    I think all Wordfence users would benefit from clarification of these issues. Are our visitors’ personal data really being handled by ALL of these sub-processors? If so, to do what, precisely? And are these legitimate uses for the purposes of an application firewall, or does GDPR put the entire business model of Defiant into question?

    • This topic was modified 5 years, 11 months ago by Ambyomoron.
Viewing 1 replies (of 1 total)
  • Plugin Author Wordfence Security

    (@mmaunder)

    It’s all quite boring actually. No conspiracy here I’m afraid.

    ByteGrid: We own our own servers and physically locate them in a rack at ByteGrid which is a data center that provides colocation. They do not have access to the data on those servers. They just provide power, climate, security and bandwidth.

    Twilio is who we use to send SMSes when providing two factor authentication. We share your phone number with them so that they know who to send the SMS to. Again, boring.

    Freshworks makes Freshdesk, our ticketing system. Your email and name are stored in that system. It has to be or we wouldn’t know who we’re talking to.

    Mode is a tool we use to query our own databases. It’s like a SQL client on steroids with graphing and analyzing capability. Mode Analytics connects to our DB servers and we use it to query things like attack data, user data and so on. Because the data passes from the DB, through their systems and into the user interface, we have to list them as a sub-processor.

    I think you’ve misunderstood the ‘sharing’ part of what Mode does. It gives us the ability to share reports internally at Defiant. That data is not shared outside our organization.

    Our DPA is clear on who our sub-processors are. If we shared that data with any other company, they would be listed as an additional sub-processor in the DPA.

    Mark.

  • The topic ‘Wordfence sub-processors’ is closed to new replies.