Updated as of: August 8, 2023
A sub-processor is a third party data processor that Exos engages to process personal data to assist Exos with delivering “Exos Offerings” (as defined in our privacy policy).
Exos may be considered a "processor" or a "controller," within the meaning of applicable data protection law, of the data that these sub-processors process: (a) when an Exos client (e.g., employer) facilitates access to the Exos Offerings, Exos serves as a “data processor” of the data that clients transmit to Exos in their corporate capacity (e.g., list of employees eligible to access the Offerings) and (b) when an end user or “Member” accesses the Offerings (fitness/wellness services), Exos serves as controller of the data it collects directly from those Members as individuals. Where Exos serves as controller, it provides privacy rights as described in its privacy policy (e.g., right to delete and access data).
The list below includes the Exos sub-processors that process data for our "Digital Services," as defined in our Terms of Service. Exos may be considered a "processor" or a "controller" within the meaning of the GDPR of the data processed by these sub-processors, depending on the circumstances.
If you are an Exos client and wish to sign onto the Exos Data Processing Agreement with regard to the data over which you act as controller, please contact legal-notices@teamexos.com.
Additionally, please be assured that Exos requires its sub-processors to satisfy privacy and security obligations consistent with those described in the Exos Privacy Policy such as to:
Exos requires sub-processors to satisfy customary privacy and security obligations that are no less rigorous than those offered by Exos in the Exos Data Protection Addendum (“DPA”). If you are a corporate subscriber to an Exos solution and wish to enter into our DPA, please email your account manager.
Exos will update this webpage whenever it adds sub-processors, and if you have entered into a Data Processing Agreement with Exos, it will also email your address for notices contained in such agreement.
To the extent that you are a Member (end user of fitness/wellness services) and use Exos Offerings outside of the United States, Exos may process your personal data via its affiliate located in the applicable country. In addition, depending on the Offering you use, Exos may process your personal data via an applicable US affiliate. Exos affiliates include:
|
Affiliate Name |
Registered Location |
Affiliate Name |
Registered Location |
|
AP Global Services, LLC |
Delaware |
EXOS AP Arizona, LLC |
Georgia |
|
Athletes' Performance, Inc. |
Delaware |
EXOS AP Los, Angeles, LLC |
Delaware |
|
Athletes’ Performance Elite, LLC |
Delaware |
EXOS AP San Diego, LLC |
Delaware |
|
Athletes’ Performance Florida, LLC |
Delaware |
EXOS AP Texas, LLC |
Delaware |
|
Athletes’ Performance Germany GMBH |
Germany |
EXOS Community Health Services, LLC |
New Jersey |
|
Athletes’ Performance Hong Kong Limited |
Hong Kong |
EXOS Community Services, LLC |
New Jersey |
|
Athletes’ Performance International, LLC. |
Delaware |
EXOS Corporate Health Services, LLC |
New Jersey |
|
Athletes’ Performance Management Consultancy Limited |
Beijing |
Exos Health Holdings, LLC. |
Delaware |
|
Athletes’ Performance UK Limited |
United Kingdom |
EXOS Human Capital, LLC |
Delaware |
|
Core Performance Centers, LLC |
Delaware |
EXOS Tactical, LLC |
Delaware |
|
CP International LLC (Singapore Branch) |
Singapore |
EXOS Works Malaysia |
Malaysia |
|
CP International, LLC |
Delaware |
EXOS Works Mexico |
Mexico |
|
CP International, LLC (Ireland Branch) |
Ireland |
Exos Works, Inc. |
New Jersey |
|
CP International, LLC (Zurich Branch) |
Switzerland |
France CP (Bld) |
France |
|
CP Japan |
Japan |
Depending on the Exos Offering you use, one or more of the following sub-processes may process your personal data:
|
Sub/Processor |
Processes Client or Member Data |
Purpose |
Data Processed |
Location Data Storage |
Applicable Exos Offering |
Data Safeguards |
|
Amazon RDS |
Both |
Data storage |
All information collected via the applicable Offering |
USA |
Fit |
Risk and Compliance whitepaper |
|
Amazon Web Services |
Both |
Cloud computing and storage |
All information collected via the applicable Offering |
USA |
Fit |
|
|
Auth0 |
Both |
Registration and authentication |
|
US and EEA |
Fit |
Auth0 Security, Privacy & Compliance |
|
AWS Cognito |
Both |
Authentication |
|
USA |
Fit |
Risk and Compliance whitepaper |
|
AWS DynamoDB |
Member |
Data Storage |
|
USA |
Fit |
Risk and Compliance whitepaper |
|
Branch.IO |
Member |
Deep Linking |
|
USA |
Fit |
|
|
BridgeAthletic |
Member |
Training program creation |
|
USA |
Exos sport performance centers, Google personal training |
Bridge Athletic Privacy Policy |
|
Calendly |
Member |
Consultation scheduling |
|
USA |
Fit |
|
|
Cloudflare |
Both |
Web Application Firewall |
|
USA |
Fit, Coach Hub |
|
|
CookieYes |
Both |
Cookie Compliance |
|
UK |
Exos’ websites |
|
|
Cronofy |
Member |
Calendar Scheduling |
|
USA |
Perform, Fit |
|
|
DariMotion |
Member |
Musculoskeletal analysis scanner |
|
USA |
Exos sport performance centers |
|
|
DOMO |
Both |
Data analytics |
|
USA |
Perform, Fit |
|
|
Hubspot |
Both |
Customer relationship management |
|
Germany, USA |
Perform, Fit |
|
|
Iterable |
Member |
Marketing/Targeted Communications |
|
USA |
Fit |
|
|
Ixcela |
Member |
Metabolite assessment |
|
USA |
Exos sport performance centers |
|
|
Kitman Labs |
Member |
Athlete management system |
|
US and EEA |
Exos sport performance centers |
|
|
LaunchDarkly |
Member |
Monitoring and tracking |
|
"anywhere where we or one of our service providers has services" |
Perform, Fit |
|
|
Looker |
Both |
Data analytics |
|
USA |
Perform, Fit |
|
|
Mindbody Online |
Both |
MMS, Class scheduling, Payment |
|
USA |
Fit |
|
|
Mixpanel |
Member |
Analytics and usage tracking |
|
USA |
Perform, Fit |
|
|
Paypal |
Member |
Payment |
|
USA |
Fitness Center Management |
|
|
Paysimple |
Member |
Payment |
|
USA |
Fitness Center Management |
|
|
Perch |
Member |
Force Velocity Profiling |
|
USA |
Exos sport performance centers |
|
|
Qualtrics |
Member |
Surveys |
|
USA |
Perform, Fit |
|
|
Rapsodo |
Member |
Pitching and Hitting Mechanics |
|
USA |
Exos sport performance centers |
|
|
Sendgrid |
Member |
Transactional emails |
|
USA |
Perform, Fit |
|
|
Sentry |
Member |
Security |
|
USA "and other countries where Sentry or its affiliates, future subsidiaries or service providers maintain facilities" |
Fit |
|
|
Snowflake |
Member |
Data management |
|
USA |
Perform, Fit |
|
|
Split.io |
Member |
Monitoring and tracking |
|
USA |
Fit |
|
|
Storyblok |
Member |
Content management system |
|
Germany |
Perform, Fit |
|
|
Stripe |
Member |
Payment |
|
"We may transfer your Personal Data to countries other than your own country, including to the United States." |
Perform |
|
|
Wistia |
Member |
Video hosting |
|
USA |
Perform, Fit |
|
|
Vald Performance |
Member |
Force and Strength assessment |
|
USA and EEA |
Exos sport performance centers |
|
|
Zendesk |
Member |
Data subject request and support request manager |
|
USA |
Fit |
Compliance Certifications and Memberships |
|
ZoneIn |
Member |
Nutrition meal planning and analysis tool |
|
USA |
Exos sport performance centers |
|
|
Zoom |
Member |
Default video solution for classes & consults |
|
USA |
Perform, Fit |
|
VERSION HISTORY