Sub-processors

A sub-processor is a third-party service that processes data on behalf of 2i2c while we operate infrastructure for a community. This page describes the sub-processors used in a typical hub deployment and the kinds of personal data each one handles. The specifics differ per hub (e.g., the cloud region where data is stored, or any add-on services), so the list below is not exhaustive. See How to find the data processors for a specific hub below to determine the list for a particular hub.

This is not a legal document

This document is provided to set expectations and understanding about 2i2c’s cloud infrastructure service. It is not legally binding.

Typical sub-processors

The services below are common touchpoints for user data (e.g., their identity, files they create, etc).

Cloud or infrastructure provider

An infrastructure provider (like a cloud provider) hosts the core infrastructure that runs the hub. This includes compute, storage, and logging. The cloud region is configured per hub and determines where this data is stored. 2i2c either manages its own cloud provider account, or uses one managed by the community.

Personal data processed by this sub-processor:

• User home directory contents (e.g., notebooks, data files created during use)

• The JupyterHub username / authentication database

• System and access logs

Here are a few common cloud providers we use and their sub-processors pages:

• Amazon Web Services (AWS). GDPR Center, sub-processors

• Google Cloud Platform (GCP). GDPR resource center, sub-processors

• Microsoft Azure. Data Protection Addendum, service trust page

Identity provider

The service used to authenticate users when they log in. The hub uses these providers to authenticate but does not store authentication credentials on them. The user or their home institution has a direct relationship with the identity provider.

Personal data processed by this sub-processor (exchanged at login only):

• Username

• Email address (depending on the provider)

• Membership in a designated organization (where applicable)

Here are a few common ones we use:

• GitHub. Privacy Statement

• CILogon. operated by the University of Illinois NCSA

• Google. Privacy & Terms

Note: If a hub uses CILogon, the user’s home institution is itself the identity provider and effectively the relevant sub-processor for that user’s authentication data.

How to find the data processors for a specific hub

The sub-processors used by a given hub are determined by its configuration in the 2i2c infrastructure repository. This will usually involve digging through .yaml configuration to find the services that your hub uses. If you need this information, please open a support ticket.

Related

• Privacy Policy. what data 2i2c does and does not retain

• Acceptable Use Policy. expectations for using 2i2c-managed infrastructure