Last updated: 21 September 2025
Controller: Swavvy AB (Org. No. 5590083670)
Address: Täppgränd 95, 121 33 Enskededalen, Sweden
Contact: info@chatric.ai
This page lists third-party processors we use to provide Chatric. All sub-processors are bound by written agreements compliant with Art. 28 GDPR. We prioritize EEA processing. Where processing occurs in a third country, we implement Standard Contractual Clauses (SCCs) and supplementary safeguards.
Change notifications. We aim to notify customer admins in-app or by email at least 30 days in advance of adding or replacing a sub-processor, where feasible.
Current sub-processors
| Vendor | Legal entity | Service / purpose | Data categories | Primary processing location | Third-country transfer | Safeguards & notes |
|---|---|---|---|---|---|---|
| Google Cloud Platform (GCP) | Google Cloud EMEA Limited (and affiliates) | Cloud hosting (compute, storage, networking), databases, monitoring | Account data, chat content (controller context where applicable), processor-side Customer Data at rest, logs/telemetry | EU (GCP europe-west1) | No (EEA hosted) | Encryption at rest/in transit; DPA in place |
| Firebase Authentication | Google LLC | User authentication (Google/Facebook sign-in), session validation | Name, email, profile image, auth identifiers/events | US / global auth infra | Yes (US) | SCCs + technical/organizational safeguards; used solely for authentication and to establish access to user-authorized data sources |
| Sentry | Functional Software, Inc. (Sentry) | Error & performance monitoring (application telemetry) | Pseudonymized error traces, stack traces, timestamps, minimal request metadata | EU data residency available; otherwise US | Possible (US) | SCCs; error data minimization; no Customer Data payloads should be sent (we strip/redact PII by default) |
| OpenAI (GPT-5) | OpenAI OpCo, LLC (and affiliates) | Model inference to generate responses (no training on Customer Data by default) | Prompts/outputs necessary for inference (minimized); never used for model training unless you opt-in | Global (may include US) | Yes (if outside EEA) | SCCs; contractual no-training on Customer Data by default; additional technical/organizational safeguards |
Data minimization with Sentry/OpenAI. We configure integrations to avoid sending sensitive or special-category data. Please avoid including such data in prompts or error payloads.
Independent Controllers / Integrations (not sub-processors)
These platforms are typically independent controllers for their own services. You choose to connect them; we process your data as your processor when we read from or write to them on your instructions.
| Platform | Legal entity | Role | Typical purpose | Data involved | Notes |
|---|---|---|---|---|---|
| Meta (Facebook) | Meta Platforms, Inc. and affiliates | Independent controller / data recipient | Conversions API and related advertising measurement/activation | Event/campaign metadata, hashed identifiers you choose to send | Your contracts and privacy notices with Meta apply. Configure what is sent; we act on your instruction. |
| Shopify | Shopify Inc. and affiliates | Independent controller / data source | Commerce data source (orders, customers, products, events) | Order/customer/product data you authorize | Your Shopify terms & privacy apply. We fetch only what you authorize and process as your processor. |
How we evaluate sub-processors
Privacy & security reviews, including data residency, encryption, access controls, incident history.
Contractual controls (Art. 28 DPA, SCCs where needed, no-training terms for AI where applicable).
Data minimization (least data necessary for the stated purpose).
Ongoing monitoring and annual re-assessment.
Customer responsibilities
Configure integrations to avoid sending prohibited or unnecessary personal data.
Ensure a lawful basis for Customer Data sent to/received from independent platforms (Meta, Shopify, etc.).
Use Chatric features (hashing, filters, field selection) to minimize data sharing wherever possible.
Contact
Questions about this page? Email info@chatric.ai.