Contact Us

List of service providers used by ExperiencePoint​

Notice of new Service Provider(s)

Effective March 22, 2026, we will be adding the vendor(s) below as a service provider. For more information, please reach out to contracting@experiencepoint.com.

AI Vendor Controls

For organizations that choose to include AI enhancements to their services under contract with ExperiencePoint, the following information may be helpful. It highlights key controls; full details are available upon request.

ExperiencePoint always acts as an intermediary between the client device and the service provider when using integrated AI features.

As part of this intermediary function, ExperiencePoint provides the following controls:

  • Accountability: Each AI request is tied to the individual user who made it, and we keep a quality/audit record of requests and outcomes for review and compliance.
  • Isolation: AI interactions are isolated so information stays within the correct user and workshop context; the feature is designed to prevent content from one participant appearing in another participant’s results.
  • Prompt governance: Each AI capability uses a defined prompt template with controlled wording. Prompts are managed centrally and can be extended to apply different feature availability rules by product or user type.
  • Leakage prevention: User inputs are protected so they can’t be unintentionally echoed or exposed across participants; if the system detects unexpected “markers” indicating potential leakage, it blocks the response instead of showing it.

Additionally, as part of including AI enhancements supported by third-party providers, we have validated that our use of the following services falls under these controls.

AI Service Provider Anthropic API
Contact Details Anthropic PBC: 548 Market St, PMB 90375, San Francisco, CA 94104 (United States)
Anthropic Ireland, Limited: 6th Floor, South Bank House, Barrow Street, Dublin 4, D04 TR29 (Ireland)
Services Provided Custom prompt responses through their Anthropic API service.
Processing (and storage) locations USA
Transfer to or Accessed (by service provider) Via API over HTTPS
Types of Personal Data Personal data is not part of the AI Enhancements in our experiences
Data Training Policy May not train models on Customer Content from Services.
Data Retention Period Automatically delete within 30 days of receipt or generation
Data Ownership Anthropic agrees that Customer retains all rights to its Inputs, and owns its Outputs. Disclaims any rights it receives to the Customer Content under these Terms. Subject to Customer’s compliance with these Terms, Anthropic hereby assigns to Customer its right, title and interest (if any) in and to Outputs. Anthropic may not train models on Customer Content from Services. “Inputs” means submissions to the Services by Customer or its Users, and “Outputs” means responses generated by the Services to Inputs (Inputs and Outputs together are “Customer Content”).
Copyright Indemnification Anthropic will defend Customer and its personnel, successors, and assigns from and against any Customer Claim (as defined below) and indemnify them for any judgment that a court of competent jurisdiction grants a third party on such Customer Claim or that an arbitrator awards a third party under any Anthropic-approved settlement of such Customer Claim.
Security Certifications ISO 27001:2022 (Information Security Management)
ISO/IEC 42001:2023 (AI Management Systems)
SOC 2 Type I & Type II
GDPR Data Processing Role Personal data is not part of the AI Enhancements in our experiences
HIPAA Support Health data is not part of the AI Enhancements in our experiences
Service Provider Contact Details Services Provided Types of Personal Data Processing (and storage) locations Transfer to or Accessed
(by service provider)		 Legal Basis
(personal data outside the EEA)

Spanning
Spanning Cloud Apps, LLC. 701 Brickell Ave #400 Miami, FL 33131 +1 877-282-8857
Salesforce Data Backup & Recovery
Contact information including: name, email address, addresses, phone numbers, other information such including: job title, birthdays, email content, contracts and signatures.
Canada
Via API over HTTPS.
Adequacy Decision

Current Service Providers​

ExperiencePoint may use Service Providers when processing Personal Data.

ExperiencePoint will notify you of any intended changes to Service Providers by publishing changes on this webpage at least thirty (30) days prior to the appointment of any new Service Provider. If, within ten (10) days of receipt of that notice, you notify ExperiencePoint in writing of your reasonable objection to the proposed appointment, ExperiencePoint shall work with Service Provider in good faith to find a mutually acceptable reasonable solution. If you fail to answer such notice, the proposed change will be deemed accepted by you.

Last updated on October 27, 2025

Service Provider Contact Details Services Provided Types of Personal Data Processing (and storage) locations Transfer to or Accessed
(by service provider)		 Legal Basis
(personal data outside the EEA)

ActiveCampaign Postmark
ActiveCampaign, 1 North Dearborn Street, 5th Floor, Chicago, IL 60602, United States [email protected]
Sending service-related emails, to facilitate the provision of the services contracted.
Name, e-mail address, and email bodies.
United States
Via API over HTTPS
Standard Contractual Clauses

Mural
TactiYos Inc. (d.b.a. Mural) 650 California St., 7th Floor, Suite 105 San Francisco, CA. 94108, USA
Virtual whiteboard for online collaboration
Name and business email address
United States
Via Browser interactions over HTTPS
Standard Contractual Clauses

Zoom
Zoom Video Communications 55 Almaden Blvd, Suite 600 San Jose, CA. 95113, USA
Video conferencing for virtual sessions
Name and business email address Cloud Recordings (optional): Mp4 of all video, audio and presentations, M4A of all Audio, Text file of all in meeting chats, Audio transcript file
United States or any other country in which it or any of its Sub-processors maintains facilities (see https://zoom.us/ for more details)
Via Browser interactions over HTTPS or via the encrypted Zoom client software
Standard Contractual Clauses

ZoomInfo
ZoomInfo 805 Broadway, Suite 900 Vancouver, WA 98660 360-718-5630 [email protected]
Customer data management and insights
Business contact details, professional role information, and related business profile data
United States or any other country in which it or its affiliates or subcontractors maintain facilities (see Zoominfo’s subprocessors for more details).
Via API or Browser interactions over HTTPS.
Standard Contractual Clauses

Auth0
Auth0, Inc. 10800 NE 8th Street, Suite 600, Bellevue, WA 98004, U.S.A. +1 (888) 235-2699
Application authentication
Log-in / authentication information and other information related to provision of the services
United States
Via API or Browser interactions over HTTPS.
Standard Contractual Clauses

AskNicely
Ask Nicely Holdings, Inc. 1615 SE 3rd Avenue Floor 3 Portland Oregon 97214 United States +1 (503) 755-1090 [email protected]
Customer satisfaction
Names; contact information; IP addresses; geographic location; browser information; device information; information related to the use of the Websites, and Services
United States
Via Browser interactions over HTTPS.
Standard Contractual Clauses

Accredible
Accredible 800 West El Camino Real, Suite 180, Accredible Mountain View, CA, 94040 [email protected]
Credential and badge provider
Name, email, location, and other information for which a certificate/accreditation will be granted.
Anywhere in the world, including, but not limited to, the United States or other countries
Via API or Browser interactions over HTTPS.
Standard Contractual Clauses

Amazon Web Services Inc.
Amazon Web Services Inc 410 Terry Avenue North Seattle, WA 98109-5210
Connection logs from Cloudflare and Fastly temporary storage (less than 1 day).
In relation to visitors to and/or authorized users of the Customer’s domains, networks, websites, application programming interfaces (“APIs”), or application: connection data, localization data (including IP addresses).
United States
S3 API and HTTPS.
Standard Contractual Clauses

Cloudflare
Cloudflare, Inc. 701 Townsend St. San Francisco, CA. 94107, USA
Application acceleration, to allow global access within adequate timelines.
In relation to visitors to and/or authorized users of the Customer’s domains, networks, websites, application programming interfaces (“APIs”), or application: connection data, localization data (including IP addresses), and any other data Customer receives from such visitors or authorized users.
In the United States and other locations where Cloudflare maintains facilities: https://www.cloudflare.com
Via Browser interactions over HTTPS.
Standard Contractual Clauses

Datadog
Datadog, Inc. 620 8th Ave 45th Floor New York, NY 10018 USA +1 (866) 329-4466 [email protected]
Security Event and Incident Management, Application Performance Monitoring
IP addresses; geographic location; browser information; device information; information related to the use and performance of our services
United States
Via API or Browser interactions over HTTPS.
Standard Contractual Clauses

Fastly
Fastly, Inc., a Delaware Corporation PO Box 78266 San Francisco, CA 94107
Application acceleration, to allow global access within adequate timelines.
In relation to visitors to and/or authorized users of the Customer’s domains, networks, websites, application programming interfaces (“APIs”), or application: connection data, localization data (including IP addresses), and any other data Customer receives from such visitors or authorized users.
In the United States and other locations where Fastly maintains facilities: https://www.fastly.com/
Via Browser interactions over HTTPS.
Standard Contractual Clauses

Flosum
Flosum Corporation 11040 Bollinger Canyon Rd Suite E-944 San Ramon, CA, 94582 USA +1 844-335-6786 ‍[email protected]
Salesforce Data Backup & Recovery
Contact information including: name, email address, addresses, phone numbers, other information such including: job title, birthdays, email content, contracts and signatures.
United States
Via API over HTTPS.
Standard Contractual Clauses

Google Analytics
Google LLC 1600 Amphitheatre Parkway, Mountain View, CA. 94043, USA
Tracking product usage over the lifetime of a product session. Used in aggregate to inform product design decisions, benchmarking.
Online identifiers, including cookie identifiers, internet protocol addresses and device identifiers; client identifiers
In the United States and other locations where Google data centres are located: Locations
Via Browser interactions over HTTPS.
Standard Contractual Clauses

Innovation Impact
Treehouse Innovation, Studio 34, RIVERSIDE BUILDING, 55 Trinity Buoy Wharf, London E14 0FP, United Kingdom [email protected]
Virtual innovation behavior assessment platform
Personally identifiable information may include, but is not limited to your country, name, email address and gender. Log Data such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Sites that you visit, the time and date of your visit, the time spent on those pages and other statistics.
United Kingdom
Via Browser interactions over HTTPS.
Standard Contractual Clauses

NovoEd
NovoEd +1(415) 366-7762 150 Sutter Street # 206 San Francisco, CA 94104
Platform for online course offerings
User name, email address, password and tracking. Employee name, email address, contact information, IP address, content and use history.
United States
Via API or Browser interactions over HTTPS.
Standard Contractual Clauses

Outreach
Outreach Corporation 333 Elliott Ave W, Suite 500 Seattle, WA 98119 USA [email protected]
Customer service management and communication
Business contact information including: name, email address, business addresses, phone numbers, job title, email content
United States or any other country in which it or any of its Sub-processors maintains facilities (see https://www.outreach.io/sub-processors for more details).
Via API or Browser interactions over HTTPS.
Standard Contractual Clauses

Salesforce
Salesforce Tower 415 Mission Street, 3rd Floor San Francisco, CA 94105
Customer Service management, and support ticket services.
Contact information including: name, email address, addresses, phone numbers, other information such including: job title, birthdays, email content, contracts and signatures.
United States
Via Browser interactions over HTTPS.
Standard Contractual Clauses

Spanning
Spanning Cloud Apps, LLC. 701 Brickell Ave #400 Miami, FL 33131 +1 877-282-8857
Salesforce Data Backup & Recovery
Contact information including: name, email address, addresses, phone numbers, other information such including: job title, birthdays, email content, contracts and signatures.
Canada
Via API over HTTPS.
Adequacy Decision

Twilio
Twilio Inc., 375 Beale Street, Suite 300, San Francisco, CA 94105 United States +1 844-814-4627 [email protected]
SMS/MMS Messaging for multi-factor authentication
Mobile Phone number
United States
Via API over HTTPS.
Standard Contractual Clauses

Wistia
Wistia, Inc. 120 Brookline Street Cambridge, Massachusetts, 02139 USA [email protected]
Video playback
Names; contact information; IP addresses; geographic location; browser information; device information; information related to the use of the Websites, Media, and Services
In the United States and other locations where Wistia maintains facilities: https://www.wistia.com/
Via Browser interactions over HTTPS.
Standard Contractual Clauses

Zapier
Zapier, Inc. Attn: Legal Department/Privacy 548 Market St. #62411 San Francisco, CA 94104-5401 (877) 381-8743 [email protected]
Automation platform
Name and email address
United States
Via API or Browser interactions over HTTPS.
Data Privacy Framework (including UK extension)