| Sub-processor | Purpose of Processing | Location |
|---|---|---|
Salesforce | Salesforce enables efficient sales operations, maintains accurate and centralized client records, supports real-time data synchronization across systems, and ensures compliance with data protection regulations. Salesforce is subject to contractual privacy governance measures. | United States |
AWS Cloud | AWS Cloud supports in hosting critical platforms which rely on AWS data centers for secure, scalable, and high-performance operations. AWS enables the deployment of virtual computing environments, object storage , and advanced services, which are used for data analytics, application hosting, and enterprise automation. It supports the processing of Personal Data and customer data across various business functions, and is governed by certifications such as SOC 2 and ISO 27001. | United States |
Oracle Cloud | Oracle Cloud manages procurement workflows, purchase requisitions, and financial transactions across departments. It enables automation of requisition approvals, purchase order generation, and integration with corporate and wealth product families, thereby streamlining financial operations and reducing manual errors. Oracle Cloud processes Personal Data and is governed by ISO 27001 and SOC 2 certifications. Its infrastructure is hosted in USA-based AWS data centers. | United States |
Zendesk | Zendesk handles service requests, manages client interactions, and supports operational workflows across teams. As a subprocessor, Zendesk handles Personal Data and is subject to contractual privacy governance measures. | United States |
Workday | Workday maintains accurate employee records, enables real-time reporting and analytics, supports absence and time-off management, and facilitates updates to personal, educational, and government ID information. Workday processes sensitive employee data and is governed by certifications including SOC 1 Type II, SOC 2 Type II, SOC 3, ISO/IEC 27001, and ISO/IEC 27701. Its infrastructure is hosted on AWS data centers in the United States. | United States |
Snowflake | Snowflake supports data lake architecture, extract generation, and premium services such as insights, report writer functionality, and real-time analytics. As a subprocessor, Snowflake handles Personal Data and is governed by certifications such as SOC 2 and ISO/IEC 27001. Its infrastructure is hosted in USA-based AWS data centers. | United States |
Microsoft | Microsoft enables productivity through Microsoft 365 applications (e.g., Outlook, Teams, Word, Excel), facilitates secure communication and collaboration, and supports enterprise-wide document management and data governance. Microsoft services are used to generate, store, and transmit Personal Data such as employee information, client communications, and privacy documentation. Microsoft is subject to contractual obligations regarding data protection. | United States |
ComplySci | ComplySci has been deployed to support tracking and approving employee activities such as outside employment, investment club participation, and expert network engagements, all of which are subject to regulatory scrutiny and internal ethical standards. ComplySci is also used to administer mandatory compliance training for new hires and covered persons, including affirmations and Code of Ethics modules, which are accessed via single sign-on (SSO). The platform supports the submission and review of holdings reports, conflict disclosures, and whistleblower policies, ensuring that employees remain compliant with federal regulations and internal governance frameworks. As a subprocessor, ComplySci handles Personal Data. | United States |
CrowdStrike | CrowdStrike is implemented for deploying enterprise agents on Windows and Linux systems to monitor and prevent malicious activity from the earliest stages of system boot. CrowdStrike’s Falcon Forensics and Falcon cloud-managed detection tools are used to collect forensic data, detect threats, and perform advanced analytics such as file hashing, network data dumps, and process enumeration. The platform also supports purple teaming exercises to validate and improve detection capabilities across the SOC and offensive security teams. | United States |
Aravo | Aravo facilitates vendor onboarding, assesses privacy and security risks, and monitors Subprocessors with access to Personal Data. Aravo facilitates the configuration of risk attributes such as residual risk scores, engagement criticality, and screening tiers, which are used to classify vendors and prioritize assessments. It also supports SLA tracking, delegation logic, and GDPR-related triggers, ensuring that regulatory obligations are met across a diverse third-party base. As a subprocessor, Aravo handles sensitive vendor and employee data and is integrated into Envestnet’s privacy governance framework. | United States |
You are viewing an unpublished version of this Trust Center.