Subprocessors
Third parties that touch customer data, listed by purpose and data category. We commit to 30 days' advance notice via email before adding or replacing any subprocessor.
How to subscribe to changes: workspace owners are notified by email at the address on file. Effective date for each entry is tracked here. If you require formal notification under a DPA, email legal@chieflab.io to confirm the contact-of-record.
Current subprocessors
Effective as of 2026-05-13. ChiefLab will give workspace owners at least 30 days' advance notice via email before adding or replacing a subprocessor on this list. Customers may object on reasonable data protection grounds per the DPA §4.
| Provider | Purpose | Data categories | Region | DPA / privacy |
|---|---|---|---|---|
| Anthropic (PBC) | LLM inference — Sonnet 4.6 routing for outputMode: "draft" and "full". Default outputMode "context" returns briefs without an Anthropic call. | Prompt content for opted-in calls; never raw repo files unless caller passes them in repoContext. | United States | Link → |
| Google LLC (Gemini API) | Image generation when imagesNeeded > 0 (opt-in). BYOK supported — when set, you pay Google directly via your key. | Image prompts (text). No source images unless you upload one. | United States | Link → |
| Resend, Inc. | Transactional and outbound email delivery (approved send actions only). BYOK supported. | Recipient email address, sender domain, message content for sends you approve. | United States | Link → |
| Zernio | Social publishing across LinkedIn, X, Instagram, Facebook, Threads, Bluesky, TikTok (approved publish actions only). | Post content, scheduling metadata, OAuth refresh tokens. | United States / European Union | Link → |
| Supabase Inc. | Primary database (Postgres), authentication, encrypted secrets storage, audit logs. | All workspace data — accounts, runs, drafts, brain, actions, audit logs, encrypted connector secrets. | United States by default; EU region available on Enterprise. | Link → |
| Vercel, Inc. | API runtime hosting (api.chieflab.io) and static site hosting (chieflab.io). | Request logs (IP, user agent, timestamps), runtime memory during request handling. | Global edge; United States primary | Link → |
| Cloudflare, Inc. | DNS, CDN, Pages Functions (sandbox proxy), R2 object storage for generated images, web analytics (privacy-first, cookieless). | Request metadata, generated image assets, anonymized analytics. | Global | Link → |
| Stripe, Inc. | Billing portal and payment processing (Enterprise tier; PLG tiers do not transact through Stripe yet). | Billing PII (name, billing address, payment method ref). We do not store card numbers; Stripe does. | United States | Link → |
Optional / opt-in subprocessors
The following process data only when you explicitly opt in via the relevant outputMode, connector, or feature toggle. They are not active by default for every workspace.
- OpenAI — invoked only when caller routes to GPT models for outputMode: "full". US-based. openai.com/policies
- Google Analytics 4 (read-only connector) — invoked only when you authorize the GA4 connector for post-launch measurement.
- Google Search Console (read-only connector) — invoked only when you authorize the GSC connector for post-launch measurement.
Future / planned
Listed for transparency. None are active today; we will give 30 days' notice and update this page when any goes live.
- HubSpot (CRM connector) — half-wired, hidden from /app/connections until the read path ships.
- Additional measurement / analytics integrations as they're scoped on /roadmap.
Cross-references
- How we share data with subprocessors: Privacy Policy §5.
- Subprocessor authorization and notice clauses: DPA §4.
- Operational mirror of this list: /trust (informational; this page controls).