Ceresant Solutions, Inc. Sub-Processors

Last Updated May 2, 2025

What Are Sub-Processors?

Sub-processors are third-party service providers that Ceresant engages to process Student Data or other personal information on your behalf. Your privacy policy specifically mentions this in the Data Processing Agreements section:

"Limitations on subprocessing and requirements for subprocessor agreements" 

These are essentially vendors who need access to your data to help provide the BrainDash platform services.

Key Sub-Processors Mentioned

Your policy specifically identifies several key service providers (from the prior privacy policy):

• Cloudflare, Inc. (traffic optimization, distribution, security)
• Google LLC (security and analytics)
• HubSpot, Inc. (analytics, CRM, communications)
• TYPEFORM S.L (data collection and surveys) 

Documentation Requirements

For sub-processors, your privacy policy requires:

1. Vendor Assessment Documentation: Records of security and privacy assessments conducted before engagement 

2. Contractual Agreements: Documentation showing sub-processors are bound by:

   • Obligations to process data only as instructed by Ceresant
   • Implementation of appropriate security measures
   • Assistance with data subject rights
   • Deletion/return of data requirements
   • Audit and inspection provisions 

3. Ongoing Monitoring Records: Documentation of regular compliance verification through:

   • Security questionnaires
   • Documentation reviews
   • Third-party audits 

4. Current Vendor List: A maintained list of all approved vendors and their security assessments 

Schools can request this documentation by contacting privacy@ceresant.com.